0ac33151d329fde8346fe102da9ad43efc3229befd84a3d30a2c9925b1f8eccb

Analysis

max time kernel
139s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22-12-2023 17:10

Target

fbe8e108225cac785b0685200a6e98a8.exe
Size

2.7MB
MD5

fbe8e108225cac785b0685200a6e98a8
SHA1

689872edeb84504aadf558aa9b121765f827c1ab
SHA256

0ac33151d329fde8346fe102da9ad43efc3229befd84a3d30a2c9925b1f8eccb
SHA512

4f558fd35a77d1b98846f62c3e2a74ab75739429654eee0a347db13e1ba76d65fefdeb203f252a37fd6e1a248dd859b24b6c5109f0b7cf719a150a2e76ad3647
SSDEEP

49152:B74+ptLXS3nJfqRCzsjbvdR9S/+CJRCpE1EkKlLEK3zeEo2s+uFCR9j:B7zLXenNqAEbvdHS/7EEmpfjRRbuAHj

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1176	fbe8e108225cac785b0685200a6e98a8.exe

Executes dropped EXE 1 IoCs

pid	Process
1176	fbe8e108225cac785b0685200a6e98a8.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3060-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral2/files/0x000200000001fafe-12.dat	upx
behavioral2/memory/1176-13-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3060	fbe8e108225cac785b0685200a6e98a8.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3060	fbe8e108225cac785b0685200a6e98a8.exe
1176	fbe8e108225cac785b0685200a6e98a8.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3060 wrote to memory of 1176	3060	fbe8e108225cac785b0685200a6e98a8.exe	88
PID 3060 wrote to memory of 1176	3060	fbe8e108225cac785b0685200a6e98a8.exe	88
PID 3060 wrote to memory of 1176	3060	fbe8e108225cac785b0685200a6e98a8.exe	88

C:\Users\Admin\AppData\Local\Temp\fbe8e108225cac785b0685200a6e98a8.exe

Filesize
43KB

MD5
66129fb117d74061cda2670155e8378a

SHA1
3bfd4c45625ab55a7ebf618cf47d9a64ef1afa43

SHA256
d6f24c2f2b93a8f64eac0f51dc351a7540f2a0234a40e9a6d486c7edc073afab

SHA512
50ccd60ff55896c5cfef537d300f7a94eab4829d7d2507f8cdc6edd1d1baf134747ebf1afa00d07ce5c8a80ba0ed21f84ff43680fa53a7cd8aa36371fc730d42

Download Submit
memory/1176-13-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1176-16-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1176-15-0x0000000001CF0000-0x0000000001E21000-memory.dmp

Filesize
1.2MB

Download
memory/1176-22-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/1176-21-0x00000000055E0000-0x0000000005802000-memory.dmp

Filesize
2.1MB

Download
memory/1176-29-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/3060-1-0x0000000001D90000-0x0000000001EC1000-memory.dmp

Filesize
1.2MB

Download
memory/3060-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/3060-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/3060-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download