6465637f81415822ba51245da5fea5bf904168a07de6992390f441bea9e93fb5

Analysis

max time kernel
144s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
22/12/2023, 15:42

Target

ddf867e2a639299bfe5f4dde6ec5667a.exe
Size

4.8MB
MD5

ddf867e2a639299bfe5f4dde6ec5667a
SHA1

b019acf8c7f80540a617ba6d30ecbedcb8359d6d
SHA256

6465637f81415822ba51245da5fea5bf904168a07de6992390f441bea9e93fb5
SHA512

5e98bd9e1b6f2c71d8eab4bfd2186edae1c30edc5ed2c78379052ae9d2f0fea1da6c9fc2943e79e65a57b868fa690aa9e0098db7ab2ce9ace76ac22749d8c1a0
SSDEEP

98304:OHjsj6CThrw6iwvlRgg3gnl/IVUs1jee2Fl4r60Rgg3gnl/IVUs1jr:LNTCdkgl/iB08r6igl/iBP

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4332	ddf867e2a639299bfe5f4dde6ec5667a.exe

Executes dropped EXE 1 IoCs

pid	Process
4332	ddf867e2a639299bfe5f4dde6ec5667a.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4888-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/memory/4332-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000700000002322d-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4888	ddf867e2a639299bfe5f4dde6ec5667a.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4888	ddf867e2a639299bfe5f4dde6ec5667a.exe
4332	ddf867e2a639299bfe5f4dde6ec5667a.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4888 wrote to memory of 4332	4888	ddf867e2a639299bfe5f4dde6ec5667a.exe	18
PID 4888 wrote to memory of 4332	4888	ddf867e2a639299bfe5f4dde6ec5667a.exe	18
PID 4888 wrote to memory of 4332	4888	ddf867e2a639299bfe5f4dde6ec5667a.exe	18

C:\Users\Admin\AppData\Local\Temp\ddf867e2a639299bfe5f4dde6ec5667a.exe

Filesize
43KB

MD5
35a1389169528728f4b030705de6f6c4

SHA1
5713efbbe68c72aca1fd5eb422edc34eb2187a64

SHA256
6b542970b7ac2b244f356facf34f2820ccfa4011315c466ba92f49f16b774c87

SHA512
c1706469a536af4f7123475d0400c15fd042a14092276e16462212791a3e34db8b93db247d9ebe5a474098c25e17fc06a288dfe0fe68bb9af16b02d3ac9fe740

Download Submit
memory/4332-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4332-14-0x0000000001C50000-0x0000000001D83000-memory.dmp

Filesize
1.2MB

Download
memory/4332-21-0x0000000005550000-0x000000000577A000-memory.dmp

Filesize
2.2MB

Download
memory/4332-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/4332-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4332-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4888-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4888-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4888-1-0x0000000001D40000-0x0000000001E73000-memory.dmp

Filesize
1.2MB

Download
memory/4888-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download