eddc08a1a4249925a7a7751efff216729bfb89e50b9bbed049132ade603e3f75

Analysis

max time kernel
140s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22-12-2023 16:25

Target

eed094c82d6d963d306478e6a7b0496c.exe
Size

2.7MB
MD5

eed094c82d6d963d306478e6a7b0496c
SHA1

f5e4c485641225b65a7b389ec7c35c1f3d114eeb
SHA256

eddc08a1a4249925a7a7751efff216729bfb89e50b9bbed049132ade603e3f75
SHA512

7e60a55ea33c90b046bcded386228ff9500340e8682c97504e6b9a9f744da8386ac24c69f9c598d457fff303d1750cf4767f7e3d5b58539f246e9ba94a4f99b4
SSDEEP

49152:fAz4hOq/mTXAoL0Abvm1SUA8gByYQjPj/vMEfF7UjXSerjXpswxgDlhYsup:fAz4hOBT7vm1LgBnMPzvMwF7MXSYswHf

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1864	eed094c82d6d963d306478e6a7b0496c.exe

Executes dropped EXE 1 IoCs

pid	Process
1864	eed094c82d6d963d306478e6a7b0496c.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4816-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000700000002321e-11.dat	upx
behavioral2/memory/1864-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4816	eed094c82d6d963d306478e6a7b0496c.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4816	eed094c82d6d963d306478e6a7b0496c.exe
1864	eed094c82d6d963d306478e6a7b0496c.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4816 wrote to memory of 1864	4816	eed094c82d6d963d306478e6a7b0496c.exe	90
PID 4816 wrote to memory of 1864	4816	eed094c82d6d963d306478e6a7b0496c.exe	90
PID 4816 wrote to memory of 1864	4816	eed094c82d6d963d306478e6a7b0496c.exe	90

C:\Users\Admin\AppData\Local\Temp\eed094c82d6d963d306478e6a7b0496c.exe

Filesize
1.1MB

MD5
d902e26a8426666f44acad2e8a515787

SHA1
5e8a59dc5fc034d06e09949556e6c18ad6e44435

SHA256
50cab77cf890e9c98f0fddb5778ef8ae96c27d57352e4c13177175a17c5a9771

SHA512
2fa5d330f43b05f727244e663c67d5af1a8000c92ab0e9efbd46bec5b29a115fed808a43ad8be0674e0c18998ab208b61c5344ab4d267a0e0600a83bbd525f6b

Download Submit
memory/1864-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1864-14-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/1864-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1864-21-0x0000000005560000-0x000000000578A000-memory.dmp

Filesize
2.2MB

Download
memory/1864-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1864-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4816-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4816-1-0x0000000001D10000-0x0000000001E43000-memory.dmp

Filesize
1.2MB

Download
memory/4816-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4816-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download