0f4a6b1ca20b1846e96d1017796cc4ee26e330eb125648a0e4aeb8dbb5211306

Analysis

max time kernel
142s
max time network
200s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22-12-2023 16:27

Target

efc5375e36af2d2754df1086dfdbec4b.exe
Size

5.8MB
MD5

efc5375e36af2d2754df1086dfdbec4b
SHA1

906787504dd0e1affa6eff58f843c7af0685153f
SHA256

0f4a6b1ca20b1846e96d1017796cc4ee26e330eb125648a0e4aeb8dbb5211306
SHA512

9b1c4b484f2008dbce6bb9996fd6701445bca7b620b98d6ad4dafaf661d12f7647d7a4f2f53ee8ca60bbc6cbd8474a0f422813f58fdccd53484ed0d0dca6500f
SSDEEP

98304:QKpodZeIjD4E1dcGQZaXhP5a9UEI+eG9jAkbkR79D+cVItGQZaXhP5a9UEI+eG:QMQZPjbSGhRaaCkN9qHGhRa

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1236	efc5375e36af2d2754df1086dfdbec4b.exe

Executes dropped EXE 1 IoCs

pid	Process
1236	efc5375e36af2d2754df1086dfdbec4b.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2328-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0006000000023206-10.dat	upx
behavioral2/memory/1236-12-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2328	efc5375e36af2d2754df1086dfdbec4b.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2328	efc5375e36af2d2754df1086dfdbec4b.exe
1236	efc5375e36af2d2754df1086dfdbec4b.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2328 wrote to memory of 1236	2328	efc5375e36af2d2754df1086dfdbec4b.exe	90
PID 2328 wrote to memory of 1236	2328	efc5375e36af2d2754df1086dfdbec4b.exe	90
PID 2328 wrote to memory of 1236	2328	efc5375e36af2d2754df1086dfdbec4b.exe	90

C:\Users\Admin\AppData\Local\Temp\efc5375e36af2d2754df1086dfdbec4b.exe

Filesize
3.2MB

MD5
96bcbd50e73f82d3f2bfcbb56921c973

SHA1
cf8905a26354da882d9e7bc199ecc5cf39d004bf

SHA256
97dc88c5fa11e13f0435bbf78a11b79ad5e74d84f643a31253622d30cb4987de

SHA512
bba5f2fd9ca735e1ef3cd4fe1cf342844488feef1a2f4944d65f067b2cb1e61196d4b581b39f93e7a227ae961fb0f928ba6159c646db3d1e40ff363aeeaec2b2

Download Submit
memory/1236-12-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1236-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1236-15-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/1236-20-0x00000000055D0000-0x00000000057FA000-memory.dmp

Filesize
2.2MB

Download
memory/1236-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1236-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2328-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2328-1-0x0000000001D20000-0x0000000001E53000-memory.dmp

Filesize
1.2MB

Download
memory/2328-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2328-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download