e3b923d68815737c2d0fcb633098f61036547ced146e5d91ee7e2790cdbd0806

Analysis

max time kernel
135s
max time network
168s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2023 23:30

Target

435352dcacb85e5574889c30865403b6.exe
Size

74KB
MD5

435352dcacb85e5574889c30865403b6
SHA1

1868e6e15258b7c5b5bbef692c3e62c1e99513b1
SHA256

e3b923d68815737c2d0fcb633098f61036547ced146e5d91ee7e2790cdbd0806
SHA512

f09db38a9be2b7d659b79ce8be5cb2c5fc8be26fbfe5a2faee80f281f4de096b73240c65ef2ec3970877be2ede950920042c4e8d3a65fff099336e847e2433d6
SSDEEP

1536:H05381E6PYBi4dUwMPagNqe2FMfnAn0YLwWLF+9gD6nzaLCNFpO:tG6ki4Kf67FMAnEaF+9gD6n+Lr

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/5008-0-0x0000000000400000-0x000000000041B000-memory.dmp	upx

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
5008	435352dcacb85e5574889c30865403b6.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 5008 wrote to memory of 4184	5008	435352dcacb85e5574889c30865403b6.exe	91
PID 5008 wrote to memory of 4184	5008	435352dcacb85e5574889c30865403b6.exe	91
PID 5008 wrote to memory of 4184	5008	435352dcacb85e5574889c30865403b6.exe	91
PID 5008 wrote to memory of 4184	5008	435352dcacb85e5574889c30865403b6.exe	91
PID 5008 wrote to memory of 4184	5008	435352dcacb85e5574889c30865403b6.exe	91

memory/5008-0-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/5008-1-0x00000000005A0000-0x00000000005A1000-memory.dmp

Filesize
4KB

Download
memory/5008-2-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/5008-3-0x0000000002080000-0x000000000208E000-memory.dmp

Filesize
56KB

Download
memory/5008-4-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download