c048541bc9b490e97d68b40e4f5c7e7b3d14213875b05ee397cdf767beb49ba5

Analysis

max time kernel
147s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22/12/2023, 16:14

Target

ec2cd68c39b0f801d3d4567410735720.exe
Size

1.3MB
MD5

ec2cd68c39b0f801d3d4567410735720
SHA1

f6d452e3df0a70bdbd85e082d32a0b6b6fbf10c1
SHA256

c048541bc9b490e97d68b40e4f5c7e7b3d14213875b05ee397cdf767beb49ba5
SHA512

0e8daa92b63446210d75323d4db823198f631ab35a6452dfa38abe5dee2bce11f3cd63c76bcaa331d19ea3269ba3288955e981bbcf7f1648a2f32258249b01bd
SSDEEP

24576:K4hJ0gAeWkpQG2WwvE0T3p+DRFN41o5iWq7wTLh2AxSvuxNa2fU9/9Us:K4hJ0g/jj2WeE43ps80dqJAcvXR9j

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1964	ec2cd68c39b0f801d3d4567410735720.exe

Executes dropped EXE 1 IoCs

pid	Process
1964	ec2cd68c39b0f801d3d4567410735720.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4592-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral2/memory/1964-14-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral2/files/0x000300000001f45f-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4592	ec2cd68c39b0f801d3d4567410735720.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4592	ec2cd68c39b0f801d3d4567410735720.exe
1964	ec2cd68c39b0f801d3d4567410735720.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4592 wrote to memory of 1964	4592	ec2cd68c39b0f801d3d4567410735720.exe	19
PID 4592 wrote to memory of 1964	4592	ec2cd68c39b0f801d3d4567410735720.exe	19
PID 4592 wrote to memory of 1964	4592	ec2cd68c39b0f801d3d4567410735720.exe	19

C:\Users\Admin\AppData\Local\Temp\ec2cd68c39b0f801d3d4567410735720.exe

Filesize
52KB

MD5
5514e592384553281ce3f9f3fa0c43d9

SHA1
11ec945f53aae585ae9add268820ecf37b6d9675

SHA256
0484509106d28bc4211226f865bca024e9ea5f6d27d66da326c375209d562035

SHA512
6fde36c60a2ab1425d387fcf6bb09bdfac873c029e9de3ba9eb6afe98782332a1f10313bc9e574dc2af1b8cb6a280affcdf73499397d278f7a4712b6de99c5a7

Download Submit
memory/1964-14-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1964-16-0x00000000018F0000-0x0000000001A21000-memory.dmp

Filesize
1.2MB

Download
memory/1964-13-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1964-21-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/1964-20-0x0000000005520000-0x0000000005742000-memory.dmp

Filesize
2.1MB

Download
memory/1964-28-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/4592-1-0x0000000001CF0000-0x0000000001E21000-memory.dmp

Filesize
1.2MB

Download
memory/4592-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/4592-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/4592-12-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download