c0badf88182a55acc4aa29ed2835e21271c9251885e596128b2cb75eb336ca70

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 10:57

Target

18e43bd8c3ece4403eac84a82719ff4b.exe
Size

80KB
MD5

18e43bd8c3ece4403eac84a82719ff4b
SHA1

384f7bfb47d725b01f1edece9f8e70cd837c38d6
SHA256

c0badf88182a55acc4aa29ed2835e21271c9251885e596128b2cb75eb336ca70
SHA512

8eecc70546e0e98a51d3814bcf9248e95ec15e22e3ca2484bb207b685b6634b6942cfc2072d27de1c6fd3733c4d6e5191c070e27ad965166e0116475dd4afc6e
SSDEEP

1536:srXPi7Cw11EEerIhguY2LMPQxSS9UG4HHEF0CmuJd4BXL:UXPiuw11aiYKS6+H+Bbd45

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1948	18e43bd8c3ece4403eac84a82719ff4b.exe

Executes dropped EXE 1 IoCs

pid	Process
1948	18e43bd8c3ece4403eac84a82719ff4b.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2160-0-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000800000002320f-11.dat	upx
behavioral2/memory/1948-13-0x0000000000400000-0x000000000043A000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2160	18e43bd8c3ece4403eac84a82719ff4b.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2160	18e43bd8c3ece4403eac84a82719ff4b.exe
1948	18e43bd8c3ece4403eac84a82719ff4b.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2160 wrote to memory of 1948	2160	18e43bd8c3ece4403eac84a82719ff4b.exe	90
PID 2160 wrote to memory of 1948	2160	18e43bd8c3ece4403eac84a82719ff4b.exe	90
PID 2160 wrote to memory of 1948	2160	18e43bd8c3ece4403eac84a82719ff4b.exe	90

C:\Users\Admin\AppData\Local\Temp\18e43bd8c3ece4403eac84a82719ff4b.exe

Filesize
80KB

MD5
0601b5b1b577be20d791554b1b8132f6

SHA1
13828260d8357d32fd404c62902cecebd94aa6ab

SHA256
e9d46e02e5c43b3a8a6b3e52bee2910b7dbbcf922df894ea38d2a99ca4078296

SHA512
c763803c97228872737e305bf684fc7cb5863326ac19a2c37138822da9ddc2a7e0cba098e18b2a73cec005118a57e808caa40d4b98cba6610bd721b920f03b0c

Download Submit
memory/1948-13-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1948-15-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1948-14-0x0000000000190000-0x000000000019E000-memory.dmp

Filesize
56KB

Download
memory/1948-20-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/1948-25-0x00000000014B0000-0x00000000014CB000-memory.dmp

Filesize
108KB

Download
memory/1948-26-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2160-0-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2160-1-0x00000000001C0000-0x00000000001CE000-memory.dmp

Filesize
56KB

Download
memory/2160-2-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2160-12-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download