51089d078f867ad4311c2fb0101b141e93ffd3370ec0a6324ff35bd9e36a8922

Analysis

max time kernel
165s
max time network
179s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29-12-2023 23:18

Target

06b31ea7b3ef199210937db218b59325.exe
Size

2.7MB
MD5

06b31ea7b3ef199210937db218b59325
SHA1

b1952fda0179710adb82b70a44e7ad004e074b90
SHA256

51089d078f867ad4311c2fb0101b141e93ffd3370ec0a6324ff35bd9e36a8922
SHA512

cfa1098aa3b1b0b604075d8e5c8a41b3f7f253b7723a855ba60d0f007592f0a8da7a4cb0ebf4fd3aeb884ed69d1de0a3193b994dd5eecec7d7920d90698b8d9f
SSDEEP

49152:59bEXCkjVogC4NUKTjwYgfawN74NH5HUyNRcUsCVOzetdZk:zbEXCkpom3MYw4HBUCczzMO

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4620	06b31ea7b3ef199210937db218b59325.exe

Executes dropped EXE 1 IoCs

pid	Process
4620	06b31ea7b3ef199210937db218b59325.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1740-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000a00000002303d-11.dat	upx
behavioral2/memory/4620-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1740	06b31ea7b3ef199210937db218b59325.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1740	06b31ea7b3ef199210937db218b59325.exe
4620	06b31ea7b3ef199210937db218b59325.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1740 wrote to memory of 4620	1740	06b31ea7b3ef199210937db218b59325.exe	90
PID 1740 wrote to memory of 4620	1740	06b31ea7b3ef199210937db218b59325.exe	90
PID 1740 wrote to memory of 4620	1740	06b31ea7b3ef199210937db218b59325.exe	90

C:\Users\Admin\AppData\Local\Temp\06b31ea7b3ef199210937db218b59325.exe

Filesize
2.7MB

MD5
9fcf16bc3506bf6a7bb33a6475b457a7

SHA1
433ac749653ab01eabeb368c7ed2eb98423f3b5b

SHA256
8cff4db342c1b31c4849da96c9420d7a06408aefa57a314c6b1610a9eea419bf

SHA512
f2de12e61ec4f8256b70ff5f5bdac1d3e095bc8335106ea33c0627434e28ccba883643d3150c0bcdf1a7d704a989f5a94d1cb53475e8e40d6c99dce36911f27c

Download Submit
memory/1740-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1740-1-0x0000000001C40000-0x0000000001D73000-memory.dmp

Filesize
1.2MB

Download
memory/1740-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1740-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4620-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4620-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4620-14-0x0000000001CB0000-0x0000000001DE3000-memory.dmp

Filesize
1.2MB

Download
memory/4620-20-0x00000000055B0000-0x00000000057DA000-memory.dmp

Filesize
2.2MB

Download
memory/4620-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/4620-27-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download