5cf74525eb0425c0f56453101cdfa2184af21fa94c012a4e10b1f4eeb8bf6065

Analysis

max time kernel
139s
max time network
177s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 22:00

Target

050a082dfa6f66617f3ce8bedc02b97b.exe
Size

1.8MB
MD5

050a082dfa6f66617f3ce8bedc02b97b
SHA1

3160f77441ecd75918d3d74e63c275ecdf3508bd
SHA256

5cf74525eb0425c0f56453101cdfa2184af21fa94c012a4e10b1f4eeb8bf6065
SHA512

00d1737bbbad8dbc5b8cbfb4363e87162ac2992cf2d4bcba5860ac37207964f4374733f0c0d72a12e7995d9f2529dd1b22214e0916133c6e389d43bd25e4aa9b
SSDEEP

49152:/M5D2KZgkuOIE5VUPYgk5CgC4DdVbhOwP:E5D2aOOhVUP99kdthOm

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1176	050a082dfa6f66617f3ce8bedc02b97b.exe

Executes dropped EXE 1 IoCs

pid	Process
1176	050a082dfa6f66617f3ce8bedc02b97b.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4948-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0006000000023242-11.dat	upx
behavioral2/memory/1176-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4948	050a082dfa6f66617f3ce8bedc02b97b.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4948	050a082dfa6f66617f3ce8bedc02b97b.exe
1176	050a082dfa6f66617f3ce8bedc02b97b.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4948 wrote to memory of 1176	4948	050a082dfa6f66617f3ce8bedc02b97b.exe	93
PID 4948 wrote to memory of 1176	4948	050a082dfa6f66617f3ce8bedc02b97b.exe	93
PID 4948 wrote to memory of 1176	4948	050a082dfa6f66617f3ce8bedc02b97b.exe	93

C:\Users\Admin\AppData\Local\Temp\050a082dfa6f66617f3ce8bedc02b97b.exe

Filesize
942KB

MD5
5eb8085883b0a7a570d2154ebee71d43

SHA1
efcc1210d0e8a754a2671a4df62e9405d1cba2b5

SHA256
75a47b3f2c76485f8f70c1818c88c0634a50578cae04009b69d5a6e59b7f6b2d

SHA512
f0defde362b9b036b2084db2eb9ef6207166f6b7230bf2df708c4dd1157c239e6f645a565d234f019e83ac84079a5cc32ec7d67a1183a93089395d60f66479a5

Download Submit
memory/1176-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1176-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1176-14-0x0000000001D20000-0x0000000001E53000-memory.dmp

Filesize
1.2MB

Download
memory/1176-20-0x0000000005620000-0x000000000584A000-memory.dmp

Filesize
2.2MB

Download
memory/1176-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1176-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4948-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4948-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/4948-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4948-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download