07b78f331402578fe79ffd6849671b0eaca3d3ca079b5a89d012e497426d72ac

Analysis

max time kernel
145s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22/12/2023, 17:21

Target

ff9fb7abe65853cbb8d415be1780a13f.exe
Size

1.3MB
MD5

ff9fb7abe65853cbb8d415be1780a13f
SHA1

583ca418115ccd31ede50acc1b650219029aa37e
SHA256

07b78f331402578fe79ffd6849671b0eaca3d3ca079b5a89d012e497426d72ac
SHA512

bb248084f458c86c0e215154a6c21c38bee95652c14d50f5bdb292f5b9d54ca50bf23ec211c75619f867504352f8e654585412915c584915ac6274e92b286009
SSDEEP

24576:gHRU6rBw20HQdDJO/oESLY+LzWgL3aFUTWxFf200Shrylm10a9KRtrsW8vOz4j9D:gxHrBwNuJuorL7bLKFUMe0vhYm10aKsn

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3492	ff9fb7abe65853cbb8d415be1780a13f.exe

Executes dropped EXE 1 IoCs

pid	Process
3492	ff9fb7abe65853cbb8d415be1780a13f.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4776-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x001000000002313c-11.dat	upx
behavioral2/memory/3492-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4776	ff9fb7abe65853cbb8d415be1780a13f.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4776	ff9fb7abe65853cbb8d415be1780a13f.exe
3492	ff9fb7abe65853cbb8d415be1780a13f.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4776 wrote to memory of 3492	4776	ff9fb7abe65853cbb8d415be1780a13f.exe	88
PID 4776 wrote to memory of 3492	4776	ff9fb7abe65853cbb8d415be1780a13f.exe	88
PID 4776 wrote to memory of 3492	4776	ff9fb7abe65853cbb8d415be1780a13f.exe	88

C:\Users\Admin\AppData\Local\Temp\ff9fb7abe65853cbb8d415be1780a13f.exe

Filesize
207KB

MD5
1ead9f1924f55decb60efb1a4f5ec31a

SHA1
476a092f05d702f411d75b81bf2d5893b155240e

SHA256
ab625ef6042393386fed7d48db70054e8286b3ca9a091f9f383b2b8d1e90c599

SHA512
511e6548cb9acc2cf7b33b9082cccda47b0a728c0c2e8c6baa3e46600829157e1d009698998e02ac43d9771d5962722e55a0ce6b86cc2a07641d9cb1aef4e2ef

Download Submit
memory/3492-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3492-15-0x0000000001D90000-0x0000000001EC3000-memory.dmp

Filesize
1.2MB

Download
memory/3492-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3492-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3492-21-0x0000000005690000-0x00000000058BA000-memory.dmp

Filesize
2.2MB

Download
memory/3492-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4776-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4776-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/4776-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4776-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download