a312226482b7b8fa44e3827b2572b0ee58dbfe0d104f4b3a978f76ef36d6f357

Analysis

max time kernel
150s
max time network
166s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
28/12/2023, 20:29

Target

f605b47e868a089a99ef140274d4800e.exe
Size

353KB
MD5

f605b47e868a089a99ef140274d4800e
SHA1

80d0a05b9a7d9d36f4001c6bace2ee29aeebef0e
SHA256

a312226482b7b8fa44e3827b2572b0ee58dbfe0d104f4b3a978f76ef36d6f357
SHA512

68a9e63a51c605989f8da2b633d2a65c026bb6ad5d9fa5478a17e569523ea31ac13af42c897a2800a65e111e4fd39ea7f4f1aecac0d5c14c402cbb5dfba09fe8
SSDEEP

6144:r6ksFVXy/DORL7oU4V5Ab0hpCAOpCfKvTPhX/CKAPCDJgEjjYdxfsLPrPwo+:r6kUC/DOlcVKb0aQSvf28JhXYTfmE

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4116	f605b47e868a089a99ef140274d4800e.exe

Executes dropped EXE 1 IoCs

pid	Process
4116	f605b47e868a089a99ef140274d4800e.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3312-0-0x0000000000400000-0x00000000004F1000-memory.dmp	upx
behavioral2/files/0x0007000000023235-11.dat	upx
behavioral2/memory/4116-13-0x0000000000400000-0x00000000004F1000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3312	f605b47e868a089a99ef140274d4800e.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3312	f605b47e868a089a99ef140274d4800e.exe
4116	f605b47e868a089a99ef140274d4800e.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3312 wrote to memory of 4116	3312	f605b47e868a089a99ef140274d4800e.exe	91
PID 3312 wrote to memory of 4116	3312	f605b47e868a089a99ef140274d4800e.exe	91
PID 3312 wrote to memory of 4116	3312	f605b47e868a089a99ef140274d4800e.exe	91

C:\Users\Admin\AppData\Local\Temp\f605b47e868a089a99ef140274d4800e.exe

Filesize
353KB

MD5
c55eaaf0828a2a70317390934e3564de

SHA1
3f802bee8fab31f34c76b3622d1efb24f5aafb3e

SHA256
cdf1725160f85129fcd2e91cba1d6522fdc7afc99da52955498425873cd6475d

SHA512
9b83534a25a8f3b973eb98709cb469c5207a7a856a7e5ad544a21ceb035510134b1d93e76f05188596096f8872e5f22f10c1fbb2ddac1cb6757ed7e8cce8c2db

Download Submit
memory/3312-0-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download
memory/3312-1-0x0000000000110000-0x0000000000143000-memory.dmp

Filesize
204KB

Download
memory/3312-2-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/3312-12-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/4116-13-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download
memory/4116-15-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/4116-14-0x0000000001500000-0x0000000001533000-memory.dmp

Filesize
204KB

Download
memory/4116-20-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4116-22-0x0000000001580000-0x00000000015D0000-memory.dmp

Filesize
320KB

Download
memory/4116-27-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download