f3a5dd12b6f5835dd56b2d15e9cf973b57e8dd3ca78599c615bc20a86a659673

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2023 15:04

Target

27d68a88d4dddf6a051b28e91e60c931.exe
Size

56KB
MD5

27d68a88d4dddf6a051b28e91e60c931
SHA1

9f7e04e39db4afa931baab558f14a6c72a495c30
SHA256

f3a5dd12b6f5835dd56b2d15e9cf973b57e8dd3ca78599c615bc20a86a659673
SHA512

f38ad04d516611d2b91d017b36d12765a4dc0487d38100438fbf01afd4387a7cd51f82c42e6854ab1c093fb7dcd92fbd34736074066901aa7a2a319f1396c460
SSDEEP

768:tGR5iJWve3oT7KXf1Rf5efcZDU8x1ve3/zWAADw2t2NEV7D+Za7IPJx745LJ/IoG:ty50Wvgf1zZHjm3KtFxg4/tYfNn3

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2028	27d68a88d4dddf6a051b28e91e60c931.exe

Executes dropped EXE 1 IoCs

pid	Process
2028	27d68a88d4dddf6a051b28e91e60c931.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3740-0-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/2028-13-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x0007000000023217-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3740	27d68a88d4dddf6a051b28e91e60c931.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3740	27d68a88d4dddf6a051b28e91e60c931.exe
2028	27d68a88d4dddf6a051b28e91e60c931.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3740 wrote to memory of 2028	3740	27d68a88d4dddf6a051b28e91e60c931.exe	20
PID 3740 wrote to memory of 2028	3740	27d68a88d4dddf6a051b28e91e60c931.exe	20
PID 3740 wrote to memory of 2028	3740	27d68a88d4dddf6a051b28e91e60c931.exe	20

C:\Users\Admin\AppData\Local\Temp\27d68a88d4dddf6a051b28e91e60c931.exe

Filesize
32KB

MD5
87eccb668243f19861498d438ded9044

SHA1
39f49fca120582c889c2e5488f9957d73e03ca45

SHA256
439b34598f1b5604f98f78ac81a51a6692a3f5dcd23384af0071fb0162f925ea

SHA512
5b604c9551fc4585ec34a759b814493eba6b39952fdcb478bc3c790e5bdd1e0b888a19f405a53fc0877c5198cc6ebc0783aef6b5b081b65dc66fee2ef801b9ad

Download Submit
memory/2028-13-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2028-25-0x0000000004D60000-0x0000000004D7B000-memory.dmp

Filesize
108KB

Download
memory/2028-20-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2028-15-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2028-14-0x00000000000C0000-0x00000000000CE000-memory.dmp

Filesize
56KB

Download
memory/2028-26-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3740-0-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3740-1-0x00000000001B0000-0x00000000001BE000-memory.dmp

Filesize
56KB

Download
memory/3740-2-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3740-12-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download