66c4b3bda6166699c286b6aa859c21fb960cee9e5402d3a0c69aa7e75607a94a

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 22:33

Target

05b7fdf1c434d6adfbd6daa137611057.exe
Size

355KB
MD5

05b7fdf1c434d6adfbd6daa137611057
SHA1

f8d3b5c1818a1699b8557a63fec3fdd91f2a9eae
SHA256

66c4b3bda6166699c286b6aa859c21fb960cee9e5402d3a0c69aa7e75607a94a
SHA512

8f44bd1fc46f5196900a8783620d122c6af4aff1fcc2913b70d3674be19bc5557e4fb2ddc4c5a58f5b795048ade50d2358885d8684401fc9242d94a09680c89e
SSDEEP

6144:EQg6R6F9j4z7WHf09RbMOs02+NfOV9ddrFm6UvjaEo+8NfWxU5k1nqSZK3LR:Jg6ZzS89qODdG9ddrILrCfWxwh3LR

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/5800-0-0x0000000000400000-0x00000000004DB000-memory.dmp	upx
behavioral2/memory/5800-2-0x0000000000400000-0x00000000004DB000-memory.dmp	upx

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
5800	05b7fdf1c434d6adfbd6daa137611057.exe
5800	05b7fdf1c434d6adfbd6daa137611057.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
5800	05b7fdf1c434d6adfbd6daa137611057.exe
5800	05b7fdf1c434d6adfbd6daa137611057.exe

memory/5800-0-0x0000000000400000-0x00000000004DB000-memory.dmp

Filesize
876KB

Download
memory/5800-1-0x0000000000B00000-0x0000000000B01000-memory.dmp

Filesize
4KB

Download
memory/5800-2-0x0000000000400000-0x00000000004DB000-memory.dmp

Filesize
876KB

Download
memory/5800-4-0x0000000000B00000-0x0000000000B01000-memory.dmp

Filesize
4KB

Download