164817b4b508330a09699ffb86ddd8f1cacced99986dd3ae799119f7bb2f5bb4

Analysis

max time kernel
143s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 22:59

Target

06521b0bec2c03cdd65dbea2c8cf1e0b.exe
Size

5.8MB
MD5

06521b0bec2c03cdd65dbea2c8cf1e0b
SHA1

c588b38c2530676d62ca8d66f13d93783fefaae3
SHA256

164817b4b508330a09699ffb86ddd8f1cacced99986dd3ae799119f7bb2f5bb4
SHA512

763aa4a162ae4c1cfb695d877b8442173b176ddd67095430dd3c579198410620ed6aa87d9db44c1525012bc9d74b0afbfd301397c3010a391a99de2fc1e92f52
SSDEEP

98304:57E5eKg/zAIcQ5r4HBUCczzM3lFQ02kPB/E4HBUCczzM3:570gkLmkWCfQ02kP1bWC

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2644	06521b0bec2c03cdd65dbea2c8cf1e0b.exe

Executes dropped EXE 1 IoCs

pid	Process
2644	06521b0bec2c03cdd65dbea2c8cf1e0b.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2760-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/memory/2644-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000c00000002316a-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2760	06521b0bec2c03cdd65dbea2c8cf1e0b.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2760	06521b0bec2c03cdd65dbea2c8cf1e0b.exe
2644	06521b0bec2c03cdd65dbea2c8cf1e0b.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2760 wrote to memory of 2644	2760	06521b0bec2c03cdd65dbea2c8cf1e0b.exe	22
PID 2760 wrote to memory of 2644	2760	06521b0bec2c03cdd65dbea2c8cf1e0b.exe	22
PID 2760 wrote to memory of 2644	2760	06521b0bec2c03cdd65dbea2c8cf1e0b.exe	22

C:\Users\Admin\AppData\Local\Temp\06521b0bec2c03cdd65dbea2c8cf1e0b.exe

Filesize
92KB

MD5
cea417866227d59ef0cbaf0181bb5ac5

SHA1
b921e6055ac51ad1801c22699363edd57315eb43

SHA256
9f53c147cf676b9499ffda53cb13de86e566ddbfa5e031aadc2c89508c7ba6bc

SHA512
0fcaef35c21c17f5c5cbcb1c1c0777229af359d9d477e18f592c920ea25561aa29df8a90ef8a02e317a62a0ac162eeeb750b21af7fdf690a4b8fe3fb0c69253c

Download Submit
memory/2644-15-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/2644-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2644-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2644-20-0x00000000055A0000-0x00000000057CA000-memory.dmp

Filesize
2.2MB

Download
memory/2644-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2644-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2760-1-0x0000000001CF0000-0x0000000001E23000-memory.dmp

Filesize
1.2MB

Download
memory/2760-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2760-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2760-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download