533d962d2084f6306f40dca33c5a5a0a8408e61adc24b95fb13fccc161d178d7

Analysis

max time kernel
142s
max time network
167s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 12:24

Target

1e1bb50d1b247baf60f2243e42760efd.exe
Size

1010KB
MD5

1e1bb50d1b247baf60f2243e42760efd
SHA1

dce135f07d0e3263f586778b0ed2608863ba423a
SHA256

533d962d2084f6306f40dca33c5a5a0a8408e61adc24b95fb13fccc161d178d7
SHA512

5d70940a91bcbaceb1f97f37a2ede74afed15b78728ed7d02ebb4e2f6c18b536d2d8e3fee21ceee61332dac3dac7f95cb890419958213e293bd11c9762c931f0
SSDEEP

12288:Vnjp8km4egkhfFYTfm6hiYc5plDFwrilMiYTfm:jvmfBmfduvlB7lbmf

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3416	1e1bb50d1b247baf60f2243e42760efd.exe

Executes dropped EXE 1 IoCs

pid	Process
3416	1e1bb50d1b247baf60f2243e42760efd.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2372-0-0x0000000000400000-0x00000000004F1000-memory.dmp	upx
behavioral2/files/0x0006000000023239-12.dat	upx
behavioral2/memory/3416-14-0x0000000000400000-0x00000000004F1000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2372	1e1bb50d1b247baf60f2243e42760efd.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2372	1e1bb50d1b247baf60f2243e42760efd.exe
3416	1e1bb50d1b247baf60f2243e42760efd.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2372 wrote to memory of 3416	2372	1e1bb50d1b247baf60f2243e42760efd.exe	93
PID 2372 wrote to memory of 3416	2372	1e1bb50d1b247baf60f2243e42760efd.exe	93
PID 2372 wrote to memory of 3416	2372	1e1bb50d1b247baf60f2243e42760efd.exe	93

C:\Users\Admin\AppData\Local\Temp\1e1bb50d1b247baf60f2243e42760efd.exe

Filesize
1010KB

MD5
ce7c55782e5fbf86e8d97198e006b199

SHA1
f33e7a9af57513eeb9d31f02581c8afc46f28b13

SHA256
19c0fa5c0d1fa6fb976a422fd6221685b279a06480c4eb04678b88a6138e2602

SHA512
bf3aecb58ac8c3362ae754bb55e8e06551e540110ba072d886551478cae3ca9933c1f3259216536320656bbe360c053247e699de9f88330e98e92d37b1563b1c

Download Submit
memory/2372-0-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download
memory/2372-1-0x0000000001500000-0x0000000001533000-memory.dmp

Filesize
204KB

Download
memory/2372-2-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/2372-13-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/3416-14-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download
memory/3416-15-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/3416-21-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3416-16-0x0000000001500000-0x0000000001533000-memory.dmp

Filesize
204KB

Download
memory/3416-25-0x0000000001580000-0x00000000015D0000-memory.dmp

Filesize
320KB

Download
memory/3416-28-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download