72cc4691cfd32c941a772d776503f965eb2ab10425faa4e3016989ce1972076d

Analysis

max time kernel
151s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 22:49

Target

0619b9a3379ea016dce780aa14dddcac.exe
Size

1.3MB
MD5

0619b9a3379ea016dce780aa14dddcac
SHA1

e651d1f724210ab3012598c21c34ebd5a6ddc6a0
SHA256

72cc4691cfd32c941a772d776503f965eb2ab10425faa4e3016989ce1972076d
SHA512

dbc2e363e5c1c91f0c4def73156fedd2ac45a93f77f7948c07ee2c733a4ae3af2d323c1ccc501c4631e11c29cbcd7c85a4f81265c68c73859fd41b6061b5986a
SSDEEP

24576:aCdXQMcI0inrfQ0WNOg6D9dqSFlxWogfnAa9/39ZvhuOnH0r6KTCs2KU9/9Us:aE8iToNrYjOogl3XZVFvtR9j

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3128	0619b9a3379ea016dce780aa14dddcac.exe

Executes dropped EXE 1 IoCs

pid	Process
3128	0619b9a3379ea016dce780aa14dddcac.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2220-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral2/memory/3128-13-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral2/files/0x0008000000023126-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2220	0619b9a3379ea016dce780aa14dddcac.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2220	0619b9a3379ea016dce780aa14dddcac.exe
3128	0619b9a3379ea016dce780aa14dddcac.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 3128	2220	0619b9a3379ea016dce780aa14dddcac.exe	55
PID 2220 wrote to memory of 3128	2220	0619b9a3379ea016dce780aa14dddcac.exe	55
PID 2220 wrote to memory of 3128	2220	0619b9a3379ea016dce780aa14dddcac.exe	55

C:\Users\Admin\AppData\Local\Temp\0619b9a3379ea016dce780aa14dddcac.exe

Filesize
89KB

MD5
3ac4eaee5f16bc6862399f00ee2f28c9

SHA1
cb45ab496281d48ad8f58d9826e4d5909a4378c9

SHA256
31d0032bc38fb93b6d86cec48c20727e965a14f712cf0c1d21094bdfe5d84046

SHA512
ebbac6a5581c78eecbc47dc06b050415fc4372c56af63b420422854a9781c06d8a0ba649e833d8aaad9264e3fa0086aa049a7e2185aed9a740f9518cd5eb682c

Download Submit
memory/2220-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2220-1-0x0000000001C30000-0x0000000001D61000-memory.dmp

Filesize
1.2MB

Download
memory/2220-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2220-12-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/3128-13-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/3128-15-0x00000000018F0000-0x0000000001A21000-memory.dmp

Filesize
1.2MB

Download
memory/3128-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/3128-20-0x0000000005500000-0x0000000005722000-memory.dmp

Filesize
2.1MB

Download
memory/3128-21-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/3128-28-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download