e66cf44e428d0ffcc0de5e35b33611eb0940c59159e86a6198621006d802e0f8

Analysis

max time kernel
140s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22/12/2023, 14:35

Target

c749b89de1dcf83f90f65d0208b7afd6.exe
Size

1.3MB
MD5

c749b89de1dcf83f90f65d0208b7afd6
SHA1

2986efb96482c25f2c2f4ac40d472bf1b0f8a0b9
SHA256

e66cf44e428d0ffcc0de5e35b33611eb0940c59159e86a6198621006d802e0f8
SHA512

5a60c6f5dd1e91ce0ad1a0a0ec00cee872a765737946525c10b14ff100838240d65a814d93fc5df6c7e9b0717336a880a72ebf65a80ae52f3a20b258f6ed1282
SSDEEP

24576:JSlD919q6z38baXMRs0D2JO0t7Xyh5+1vxzlKw5p+C7I1opCU9/9Us:JADUb9C0D2Uoh1vxsS+C8eR9j

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2644	c749b89de1dcf83f90f65d0208b7afd6.exe

Executes dropped EXE 1 IoCs

pid	Process
2644	c749b89de1dcf83f90f65d0208b7afd6.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4508-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral2/files/0x000e000000023192-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4508	c749b89de1dcf83f90f65d0208b7afd6.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4508	c749b89de1dcf83f90f65d0208b7afd6.exe
2644	c749b89de1dcf83f90f65d0208b7afd6.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4508 wrote to memory of 2644	4508	c749b89de1dcf83f90f65d0208b7afd6.exe	20
PID 4508 wrote to memory of 2644	4508	c749b89de1dcf83f90f65d0208b7afd6.exe	20
PID 4508 wrote to memory of 2644	4508	c749b89de1dcf83f90f65d0208b7afd6.exe	20

C:\Users\Admin\AppData\Local\Temp\c749b89de1dcf83f90f65d0208b7afd6.exe

Filesize
134KB

MD5
58a48e0e4c5c62569d71f0eb8c0eb7d1

SHA1
cbce630515bccd9dd17371b30fd8a1c9e6536bd1

SHA256
dcdef4815fbc4160f68fa8fc4004e2d2a51d72545a3c874d283ef49531622982

SHA512
baa2b97733fac06f716738c0f64f7b245cd3595916777f0d4900927245da2d8c321550d71b05348b1b435f28df2e3ab7bf2f7b12cf258a5adeb6f0a17d9c3f50

Download Submit
memory/2644-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2644-20-0x0000000005560000-0x0000000005782000-memory.dmp

Filesize
2.1MB

Download
memory/2644-21-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2644-17-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2644-13-0x0000000001C70000-0x0000000001DA1000-memory.dmp

Filesize
1.2MB

Download
memory/2644-28-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/4508-1-0x0000000001C90000-0x0000000001DC1000-memory.dmp

Filesize
1.2MB

Download
memory/4508-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/4508-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/4508-12-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download