a4e949969b734a91cf6007ac28a323c51f79471cdf7be1c25aba1ac6666360fa

Analysis

max time kernel
154s
max time network
166s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26-12-2023 14:45

Target

769c16e88884c18e6036ed2d31432fd4.exe
Size

101KB
MD5

769c16e88884c18e6036ed2d31432fd4
SHA1

1890707bcbf812ce4cc3c7e8ac7b02612f21ad86
SHA256

a4e949969b734a91cf6007ac28a323c51f79471cdf7be1c25aba1ac6666360fa
SHA512

c45f0a1c0e545474fcea468fb81be8b1a47b3807892d3d57780bbfb75488dc8d5575ce29347b530b647665b2fca059a0d1ec569c0057affc5eaa422ef3e90752
SSDEEP

1536:gLXjXZsHyvA37jg24kTRwUM697mnTcii0CmuJd4BXKikc6E3:gDjXZsf782lT6UM60TEBbd4M5E3

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3456	769c16e88884c18e6036ed2d31432fd4.exe

Executes dropped EXE 1 IoCs

pid	Process
3456	769c16e88884c18e6036ed2d31432fd4.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4832-0-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000200000001e7dd-11.dat	upx
behavioral2/memory/3456-13-0x0000000000400000-0x000000000043A000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4832	769c16e88884c18e6036ed2d31432fd4.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4832	769c16e88884c18e6036ed2d31432fd4.exe
3456	769c16e88884c18e6036ed2d31432fd4.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4832 wrote to memory of 3456	4832	769c16e88884c18e6036ed2d31432fd4.exe	91
PID 4832 wrote to memory of 3456	4832	769c16e88884c18e6036ed2d31432fd4.exe	91
PID 4832 wrote to memory of 3456	4832	769c16e88884c18e6036ed2d31432fd4.exe	91

C:\Users\Admin\AppData\Local\Temp\769c16e88884c18e6036ed2d31432fd4.exe

Filesize
101KB

MD5
c6c7756a453f18745ab9a3296be17336

SHA1
109f2c284b1098746c70fa5b9c8d815a935fe57c

SHA256
d36254a12fd5df7588873056e8108a18202542902cfdc18cbf30a2b975fa57fd

SHA512
07cfd396955ee71ea0d09af2c86f37eea6cacb33dd17514983b88d4b1f04fcdaab523bb8fc9613c8dc2709953f55d3f18e4cf6676866678bb68d493bd946361b

Download Submit
memory/3456-13-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3456-14-0x00000000000C0000-0x00000000000CE000-memory.dmp

Filesize
56KB

Download
memory/3456-15-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3456-20-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/3456-24-0x00000000014C0000-0x00000000014DB000-memory.dmp

Filesize
108KB

Download
memory/3456-26-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4832-0-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4832-1-0x00000000000E0000-0x00000000000EE000-memory.dmp

Filesize
56KB

Download
memory/4832-2-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4832-12-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download