07e2531fee5f12d9e580b081f3b2d19911435045e7329e1283cfb77101c456c6

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26-12-2023 13:04

Target

70b9c5d137ca9437858e8c2f007e66d6.exe
Size

59KB
MD5

70b9c5d137ca9437858e8c2f007e66d6
SHA1

23a9961be1177ca4730626e280078d6205c3d1c1
SHA256

07e2531fee5f12d9e580b081f3b2d19911435045e7329e1283cfb77101c456c6
SHA512

612a9a5212f7c396d69cb46190d445a412e9b82c475c2663269c4336f8a96622199b4d7a51b90c3651ba159e1eaeb7c068346cede5e65b0194afe679dea4dddd
SSDEEP

1536:F0M5uxmhkMkvuDvyegDBsNoMN4NUyBUrxHaRm/RhlS:FCmhkR2DKeCaoG49KrxHJpho

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4940	70b9c5d137ca9437858e8c2f007e66d6.exe

Executes dropped EXE 1 IoCs

pid	Process
4940	70b9c5d137ca9437858e8c2f007e66d6.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2524-0-0x0000000000400000-0x000000000043D000-memory.dmp	upx
behavioral2/files/0x00070000000231e0-11.dat	upx
behavioral2/memory/4940-13-0x0000000000400000-0x000000000043D000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2524	70b9c5d137ca9437858e8c2f007e66d6.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2524	70b9c5d137ca9437858e8c2f007e66d6.exe
4940	70b9c5d137ca9437858e8c2f007e66d6.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2524 wrote to memory of 4940	2524	70b9c5d137ca9437858e8c2f007e66d6.exe	20
PID 2524 wrote to memory of 4940	2524	70b9c5d137ca9437858e8c2f007e66d6.exe	20
PID 2524 wrote to memory of 4940	2524	70b9c5d137ca9437858e8c2f007e66d6.exe	20

C:\Users\Admin\AppData\Local\Temp\70b9c5d137ca9437858e8c2f007e66d6.exe

Filesize
59KB

MD5
2d9051d37a9428ab8d0f52bae60661e6

SHA1
1dee176ff7baa232f6dfae633010b367315992d9

SHA256
3aeb16048bd2acc6ef73b4d7284ad6fd8ff12d0eb86bf7f2c5cf07c6b91c73e2

SHA512
794c1708aeb78f1eac4fe1f74b12695f9a984ca0818f8e251cab24dbc186a2c674891b4c41574b1b0ba82529b8f04503a74a9460c669c6cb56a58aa77c3d7e00

Download Submit
memory/2524-0-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2524-1-0x00000000001B0000-0x00000000001BF000-memory.dmp

Filesize
60KB

Download
memory/2524-12-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2524-2-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4940-14-0x00000000000C0000-0x00000000000CF000-memory.dmp

Filesize
60KB

Download
memory/4940-15-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4940-25-0x00000000001D0000-0x00000000001ED000-memory.dmp

Filesize
116KB

Download
memory/4940-20-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/4940-13-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/4940-26-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download