707c81bd5581efb6952fd2bc1a030f6dd68d2b5b2515ceff1f2e75bbdef1a3a6

Analysis

max time kernel
158s
max time network
171s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29-12-2023 22:08

Target

0532fa47d470b34c2e0f4207c42bcf85.exe
Size

2.9MB
MD5

0532fa47d470b34c2e0f4207c42bcf85
SHA1

7dba0f0ee59f9c3996085ed900a2738f08225331
SHA256

707c81bd5581efb6952fd2bc1a030f6dd68d2b5b2515ceff1f2e75bbdef1a3a6
SHA512

b5d7bd01677761ccfdec14a00e7a62463e02d7408abe32aa3b520ab581dd3fd2fc9d13526a15ad7a244f41edf17243ad48642a6012a5835e0b207822c5970da5
SSDEEP

49152:vHxWsliSYwkEa6Sa2KP4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:5niQkva2Kgg3gnl/IVUs1jePs

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3612	0532fa47d470b34c2e0f4207c42bcf85.exe

Executes dropped EXE 1 IoCs

pid	Process
3612	0532fa47d470b34c2e0f4207c42bcf85.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1680-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0007000000023219-11.dat	upx
behavioral2/memory/3612-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1680	0532fa47d470b34c2e0f4207c42bcf85.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1680	0532fa47d470b34c2e0f4207c42bcf85.exe
3612	0532fa47d470b34c2e0f4207c42bcf85.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1680 wrote to memory of 3612	1680	0532fa47d470b34c2e0f4207c42bcf85.exe	91
PID 1680 wrote to memory of 3612	1680	0532fa47d470b34c2e0f4207c42bcf85.exe	91
PID 1680 wrote to memory of 3612	1680	0532fa47d470b34c2e0f4207c42bcf85.exe	91

C:\Users\Admin\AppData\Local\Temp\0532fa47d470b34c2e0f4207c42bcf85.exe

Filesize
798KB

MD5
06b8baf3dc6d576c89456b2c84308f2e

SHA1
cec030c2125dbc9e71ee1cae3189dacd6f71ac16

SHA256
4059c3e4b9067aa4c54f4a6ad20589b1c88d5c9a2d2faf17e96b772b2e1145fe

SHA512
9670b69ee4e2eb19f62bd31a358d3098015a01ea0e9620a607f32097aaf1c90737416166c05f1541eece24baf2949a71ff9dfd72c0277ff1b83653209477e015

Download Submit
memory/1680-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1680-1-0x0000000001CE0000-0x0000000001E13000-memory.dmp

Filesize
1.2MB

Download
memory/1680-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1680-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3612-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3612-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3612-14-0x0000000001CD0000-0x0000000001E03000-memory.dmp

Filesize
1.2MB

Download
memory/3612-20-0x00000000055D0000-0x00000000057FA000-memory.dmp

Filesize
2.2MB

Download
memory/3612-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3612-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download