ac7176554d7ae30143aea9da636af584a372dbfed1a2e8d5f0f4aff7bcb3fef5

Analysis

max time kernel
136s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 21:29

Target

0478a669b53eb7cee01d54f99a4996cf.exe
Size

100KB
MD5

0478a669b53eb7cee01d54f99a4996cf
SHA1

d37b20eacdb912d039b8294bafeb808c2c5ea6e2
SHA256

ac7176554d7ae30143aea9da636af584a372dbfed1a2e8d5f0f4aff7bcb3fef5
SHA512

20cb2c95e901b9bbf190a32fe8e715a21abb6809f19b0020659c7c9a078dd39a2dfd48a93dda088646e180ea6cccb1b01eff5ad8428ba431a0b499d3818037dd
SSDEEP

1536:ysuHhi9EpmecjOEDA4atlc9fcK/2RKLHa18FkqS/11ar1Mh4HZmWep:Hui9E4fA4atQd/MKja+Y/110Mm5mrp

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3452-0-0x0000000000400000-0x0000000000436000-memory.dmp	upx

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
3452	0478a669b53eb7cee01d54f99a4996cf.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 3452 wrote to memory of 4700	3452	0478a669b53eb7cee01d54f99a4996cf.exe	35
PID 3452 wrote to memory of 4700	3452	0478a669b53eb7cee01d54f99a4996cf.exe	35
PID 3452 wrote to memory of 4700	3452	0478a669b53eb7cee01d54f99a4996cf.exe	35
PID 3452 wrote to memory of 4700	3452	0478a669b53eb7cee01d54f99a4996cf.exe	35
PID 3452 wrote to memory of 4700	3452	0478a669b53eb7cee01d54f99a4996cf.exe	35

memory/3452-0-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3452-2-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/3452-4-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/3452-3-0x0000000000420000-0x000000000042E000-memory.dmp

Filesize
56KB

Download
memory/3452-1-0x0000000000A50000-0x0000000000A52000-memory.dmp

Filesize
8KB

Download