80390a01ec83314cae93a0f298822a0da26ecec3c20b8569a9bbf71e4ac06072

Analysis

max time kernel
170s
max time network
177s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
28/12/2023, 22:49

Target

fde896e2d097367842ef9c3671e5b8a5.exe
Size

1010KB
MD5

fde896e2d097367842ef9c3671e5b8a5
SHA1

b109a27116d97894db8a937e8388460c9c64cd1b
SHA256

80390a01ec83314cae93a0f298822a0da26ecec3c20b8569a9bbf71e4ac06072
SHA512

ac0ed22cf1d7e07188993dfbc2ffa459c02e0057b432f9006b2e3501eb76d021bfd6b7af49252d6131abcbc8c7f256733cd7e4297300417dce400b5c207e4d37
SSDEEP

12288:7E5E5X3Kh7rNYTfm6hiYc5plDFwrilMiYTfm:MEpKhnNmfduvlB7lbmf

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1316	fde896e2d097367842ef9c3671e5b8a5.exe

Executes dropped EXE 1 IoCs

pid	Process
1316	fde896e2d097367842ef9c3671e5b8a5.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2276-0-0x0000000000400000-0x00000000004F1000-memory.dmp	upx
behavioral2/files/0x0008000000023238-12.dat	upx
behavioral2/memory/1316-14-0x0000000000400000-0x00000000004F1000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2276	fde896e2d097367842ef9c3671e5b8a5.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2276	fde896e2d097367842ef9c3671e5b8a5.exe
1316	fde896e2d097367842ef9c3671e5b8a5.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2276 wrote to memory of 1316	2276	fde896e2d097367842ef9c3671e5b8a5.exe	93
PID 2276 wrote to memory of 1316	2276	fde896e2d097367842ef9c3671e5b8a5.exe	93
PID 2276 wrote to memory of 1316	2276	fde896e2d097367842ef9c3671e5b8a5.exe	93

C:\Users\Admin\AppData\Local\Temp\fde896e2d097367842ef9c3671e5b8a5.exe

Filesize
1010KB

MD5
aeb2645db24faad453a01ad2bc02fb48

SHA1
09531288e9b2afcbd92d9b101c52f572940a732c

SHA256
a527bc0e1599cb5b4c6a5828babec4862df83a6b463a08e9425d1b7984c33b11

SHA512
2fcfaafd6a403c437ae1f14b027c0824c32beed72bead7c585ed80f4912c6ab91d572745720c7fdec2d83a56aef33bb12394d36f2140e452284965bbb5d553ed

Download Submit
memory/1316-14-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download
memory/1316-16-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/1316-23-0x0000000004E60000-0x0000000004EB0000-memory.dmp

Filesize
320KB

Download
memory/1316-21-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1316-15-0x0000000001500000-0x0000000001533000-memory.dmp

Filesize
204KB

Download
memory/1316-28-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download
memory/2276-0-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download
memory/2276-1-0x0000000001500000-0x0000000001533000-memory.dmp

Filesize
204KB

Download
memory/2276-2-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/2276-13-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download