148d1252aa0983a44ad116e1570e0578a60b4dc23c49c1f7df42343bc0f9e2ec

Analysis

max time kernel
145s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22/12/2023, 14:20

Target

be79122eae46ac69a694654e0530c45c.exe
Size

2.4MB
MD5

be79122eae46ac69a694654e0530c45c
SHA1

eedbf783a56a8413bea05469a08e33e251f13a19
SHA256

148d1252aa0983a44ad116e1570e0578a60b4dc23c49c1f7df42343bc0f9e2ec
SHA512

21144530ab4399f56206d1fc8fe7204b792048b025a2dcb13adc701f93814ecf3abd48e40163b6c822292cb38f83d9f32f706af62bcd85cf2ee1b0568655ef3a
SSDEEP

49152:EKGOin2lEH+vypuQAajXp6/NBIP4M338dB2IBlGuuDVUsdxxjr:EKGR2+HpGajMVBIgg3gnl/IVUs1jr

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4788	be79122eae46ac69a694654e0530c45c.exe

Executes dropped EXE 1 IoCs

pid	Process
4788	be79122eae46ac69a694654e0530c45c.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2380-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x008600000001b58d-11.dat	upx
behavioral2/memory/4788-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2380	be79122eae46ac69a694654e0530c45c.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2380	be79122eae46ac69a694654e0530c45c.exe
4788	be79122eae46ac69a694654e0530c45c.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 4788	2380	be79122eae46ac69a694654e0530c45c.exe	89
PID 2380 wrote to memory of 4788	2380	be79122eae46ac69a694654e0530c45c.exe	89
PID 2380 wrote to memory of 4788	2380	be79122eae46ac69a694654e0530c45c.exe	89

C:\Users\Admin\AppData\Local\Temp\be79122eae46ac69a694654e0530c45c.exe

Filesize
960KB

MD5
031a48c9d8b2325f3fd6ad5c076749e8

SHA1
d498084aafcf4c476dcd3941d51645957213465b

SHA256
69096d25b6c278ab959ce71d0827b155318c4e3a51ad3677cb5fd146d69eba08

SHA512
1b843089c2d44359f36dac7170fa52857a5f945f884649a89759a2339685f752e23f5e30af5966313a3e5f38359b38b186876784cd255b27540073b3ff458e18

Download Submit
memory/2380-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2380-1-0x0000000001BF0000-0x0000000001D23000-memory.dmp

Filesize
1.2MB

Download
memory/2380-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2380-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4788-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4788-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4788-14-0x0000000001D80000-0x0000000001EB3000-memory.dmp

Filesize
1.2MB

Download
memory/4788-20-0x0000000005680000-0x00000000058AA000-memory.dmp

Filesize
2.2MB

Download
memory/4788-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/4788-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download