2ab27c49e646c382cbf3a2fca433784b1dafe7f22a766dad547e508f7ddf0a2c

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 19:56

Target

0f2dc1cb9a78177d222052413f3b8ca4.exe
Size

82KB
MD5

0f2dc1cb9a78177d222052413f3b8ca4
SHA1

05029bb7fb239ef25622c1b3161a71a05bba3ea4
SHA256

2ab27c49e646c382cbf3a2fca433784b1dafe7f22a766dad547e508f7ddf0a2c
SHA512

88a6d5d1049c805e7406dda419a12e006780f5516e9a357a7d50bd58a9f3bdc9c02dbd29843e1ec43beaa58ae956401123009b6f5d583241db6b954448f8962a
SSDEEP

1536:1l43d3d01RqUJCPtF7391+B0kM5wsTKwrXVftls04A4ZvRLDxWXQ2eLn+Opajh:ud3d0XqUMb/15wsTL5ftD4hZZLOeDNKh

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2064-0-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/2064-1-0x0000000000400000-0x0000000000421000-memory.dmp	upx

Modifies registry class 7 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}	0f2dc1cb9a78177d222052413f3b8ca4.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\\shell\\qhbld\\command	0f2dc1cb9a78177d222052413f3b8ca4.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node	0f2dc1cb9a78177d222052413f3b8ca4.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\qhbld	0f2dc1cb9a78177d222052413f3b8ca4.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\shell\\qhbld	0f2dc1cb9a78177d222052413f3b8ca4.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell	0f2dc1cb9a78177d222052413f3b8ca4.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID	0f2dc1cb9a78177d222052413f3b8ca4.exe

C:\Users\Admin\AppData\Local\Temp\0f2dc1cb9a78177d222052413f3b8ca4.exe
"C:\Users\Admin\AppData\Local\Temp\0f2dc1cb9a78177d222052413f3b8ca4.exe"
1⤵
- Modifies registry class
PID:2064

memory/2064-0-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2064-1-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download