4509424cb12fb89ba023ac45668045f263a0bd5af41e34ae89955af5cef8cfc8

Analysis

max time kernel
143s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22/12/2023, 17:04

Target

fadfa8e2bea17f3ff845182cf60a96e7.exe
Size

1.3MB
MD5

fadfa8e2bea17f3ff845182cf60a96e7
SHA1

c012ab32988dbffb3aaa967f74f619987fba9228
SHA256

4509424cb12fb89ba023ac45668045f263a0bd5af41e34ae89955af5cef8cfc8
SHA512

a21dc55ddead895c642c5f665f7bc9faadcfb1a9e25c41839daed6bbf57feecfbfdf6d9a270a6e807b5c295f3ced8934e1c763c8acbcd8a8deafe9e282a1c2fd
SSDEEP

24576:NkUZZUjV0kGpcuYEnSgj6oiTWxuKHPI1gB2uO31YJiLQWO:LZeipc7ESuOwuyQCqlVLQf

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1052	fadfa8e2bea17f3ff845182cf60a96e7.exe

Executes dropped EXE 1 IoCs

pid	Process
1052	fadfa8e2bea17f3ff845182cf60a96e7.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2272-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000400000001e96f-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2272	fadfa8e2bea17f3ff845182cf60a96e7.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2272	fadfa8e2bea17f3ff845182cf60a96e7.exe
1052	fadfa8e2bea17f3ff845182cf60a96e7.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2272 wrote to memory of 1052	2272	fadfa8e2bea17f3ff845182cf60a96e7.exe	92
PID 2272 wrote to memory of 1052	2272	fadfa8e2bea17f3ff845182cf60a96e7.exe	92
PID 2272 wrote to memory of 1052	2272	fadfa8e2bea17f3ff845182cf60a96e7.exe	92

C:\Users\Admin\AppData\Local\Temp\fadfa8e2bea17f3ff845182cf60a96e7.exe

Filesize
382KB

MD5
e0fd67b4637aeb9afa910212fd004bff

SHA1
bc3d339a2d9c4a998656756da247897ca44c0d63

SHA256
687e0a96d69a59aaec897b7a1c415aa9fb67760a1ee75cb3a52b8238eb85eeca

SHA512
d3a60f6ef3e383543e0a131fd3fd3f2c4e5c1a35299f9e4c93c66b0f431c43ebdd6673f742a053ec6f618dbb20856e178292ba0a523a73df12981b9caa76c03b

Download Submit
memory/1052-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1052-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1052-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1052-20-0x0000000005590000-0x00000000057BA000-memory.dmp

Filesize
2.2MB

Download
memory/1052-13-0x0000000001C90000-0x0000000001DC3000-memory.dmp

Filesize
1.2MB

Download
memory/1052-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2272-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2272-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/2272-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2272-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download