9a7fd56a058834ae106f738b969c937cee7aa0f4ae1284eda8bdbeeab3c3e6a6

Analysis

max time kernel
160s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22/12/2023, 15:41

Target

dd9e483c273e3f7e75dc2dc5de2af995.exe
Size

2.4MB
MD5

dd9e483c273e3f7e75dc2dc5de2af995
SHA1

e6c694357c66b1a60fa6cad9733c89755b184c6c
SHA256

9a7fd56a058834ae106f738b969c937cee7aa0f4ae1284eda8bdbeeab3c3e6a6
SHA512

33ce944e0eb0f3b4c1e9cec7e71c0d7514115565cdaafd9fb130769a04a810a84cf051611b5f00ab4abdf0dfdd6f4b6a2ec4ea547fcfc5636098418b54d6d3f3
SSDEEP

49152:bJvkCG/vH5BWbaaKq/Bh+fV3qclpnP4M338dB2IBlGuuDVUsdxxjr:tvk9/u2ab/B0fV3qclZgg3gnl/IVUs1P

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
968	dd9e483c273e3f7e75dc2dc5de2af995.exe

Executes dropped EXE 1 IoCs

pid	Process
968	dd9e483c273e3f7e75dc2dc5de2af995.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4888-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/memory/968-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0007000000023203-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4888	dd9e483c273e3f7e75dc2dc5de2af995.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4888	dd9e483c273e3f7e75dc2dc5de2af995.exe
968	dd9e483c273e3f7e75dc2dc5de2af995.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4888 wrote to memory of 968	4888	dd9e483c273e3f7e75dc2dc5de2af995.exe	91
PID 4888 wrote to memory of 968	4888	dd9e483c273e3f7e75dc2dc5de2af995.exe	91
PID 4888 wrote to memory of 968	4888	dd9e483c273e3f7e75dc2dc5de2af995.exe	91

C:\Users\Admin\AppData\Local\Temp\dd9e483c273e3f7e75dc2dc5de2af995.exe

Filesize
445KB

MD5
4195a0fbde27278e14885874aeeb065a

SHA1
15af03d72889e7c7249b1481e1915f8663c5f01a

SHA256
731581e6163a04e0d02b4b037ddd344ed576063fa16ad4f28eb414c5591bf8a2

SHA512
667d6cdc87ecf417f00c3faaa02d95348e7f148920fe8cd3c72aeef323e00bd8da1212adf1eb9d0caad3ab231c4bec84c5322df1c039b235aa71ce1dceabc80d

Download Submit
memory/968-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/968-15-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/968-20-0x00000000056C0000-0x00000000058EA000-memory.dmp

Filesize
2.2MB

Download
memory/968-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/968-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/968-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4888-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4888-1-0x0000000001D10000-0x0000000001E43000-memory.dmp

Filesize
1.2MB

Download
memory/4888-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4888-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download