7a6c79bb8ad2a4988074a3617aac723db1684ad3161c80551cfc0b943cbf25ae

Analysis

max time kernel
142s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22-12-2023 15:53

Target

e303d62bb2216397fb1374bcdf6225cf.exe
Size

1.5MB
MD5

e303d62bb2216397fb1374bcdf6225cf
SHA1

711a9d500518047d13d3856d00ec1550b6284463
SHA256

7a6c79bb8ad2a4988074a3617aac723db1684ad3161c80551cfc0b943cbf25ae
SHA512

1d5c4350ed1b4ca52c09286f0f6fcfd187a33dadba3353d85da09ab681116c11a3164a0d32d93cc3c376104f09cb7640858a171a957460218431942accce33be
SSDEEP

24576:ukiqO/G0KD/cDxBncaz0OTFvq5jGqMPDH/uV2Q8s3iOsO6AX4rzsW:ukivNKD/YxBnPxvPr/uks3i3O6AWs

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
5088	e303d62bb2216397fb1374bcdf6225cf.exe

Executes dropped EXE 1 IoCs

pid	Process
5088	e303d62bb2216397fb1374bcdf6225cf.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/556-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/memory/5088-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x00080000000224fc-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
556	e303d62bb2216397fb1374bcdf6225cf.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
556	e303d62bb2216397fb1374bcdf6225cf.exe
5088	e303d62bb2216397fb1374bcdf6225cf.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 556 wrote to memory of 5088	556	e303d62bb2216397fb1374bcdf6225cf.exe	56
PID 556 wrote to memory of 5088	556	e303d62bb2216397fb1374bcdf6225cf.exe	56
PID 556 wrote to memory of 5088	556	e303d62bb2216397fb1374bcdf6225cf.exe	56

C:\Users\Admin\AppData\Local\Temp\e303d62bb2216397fb1374bcdf6225cf.exe

Filesize
49KB

MD5
efc80cc02f705cc0a613176f68d01dad

SHA1
1d693e7891ebaba22835e6569d6cc3ee20afdf4d

SHA256
0973a513cdfc8c0e6533cdfc222df979e18127d2cf307d78395e5eb39ddb1759

SHA512
8ea04a396d680223827cb1142eff1037c294700f3d5265eab8909c483627008e463005f9365707ceb21a5a5b61d5a15dde6d1057b3763fd3553443e180df07f3

Download Submit
memory/556-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/556-1-0x0000000001CE0000-0x0000000001E13000-memory.dmp

Filesize
1.2MB

Download
memory/556-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/556-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/5088-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/5088-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/5088-14-0x0000000001D50000-0x0000000001E83000-memory.dmp

Filesize
1.2MB

Download
memory/5088-20-0x0000000005650000-0x000000000587A000-memory.dmp

Filesize
2.2MB

Download
memory/5088-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/5088-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download