caaa0c57f040273d482fc154b9a2a736a8f00300ed25471723fed6ecaf57d596

Analysis

max time kernel
137s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29-12-2023 23:20

Target

06c030e3ea328d855071fdafa5f2523a.exe
Size

2.4MB
MD5

06c030e3ea328d855071fdafa5f2523a
SHA1

a55df7a05b8ce3849cc0b9718e42aedd4e57ea86
SHA256

caaa0c57f040273d482fc154b9a2a736a8f00300ed25471723fed6ecaf57d596
SHA512

828242af4ebb278bfc969bc6f89e7d6ad47f4b8c990279cc2647bbfd5019900b7940dc8a6524f75dfac500cd4993bcbd08e6fc0054a6cd3562ebb238a809ea2e
SSDEEP

49152:XnGqmfm+4zAL4p0lfoDTsNNYhLP4M338dB2IBlGuuDVUsdxxjr:XnGczAL4p0qTaNSgg3gnl/IVUs1jr

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4548	06c030e3ea328d855071fdafa5f2523a.exe

Executes dropped EXE 1 IoCs

pid	Process
4548	06c030e3ea328d855071fdafa5f2523a.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3504-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0007000000023216-11.dat	upx
behavioral2/memory/4548-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3504	06c030e3ea328d855071fdafa5f2523a.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3504	06c030e3ea328d855071fdafa5f2523a.exe
4548	06c030e3ea328d855071fdafa5f2523a.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3504 wrote to memory of 4548	3504	06c030e3ea328d855071fdafa5f2523a.exe	35
PID 3504 wrote to memory of 4548	3504	06c030e3ea328d855071fdafa5f2523a.exe	35
PID 3504 wrote to memory of 4548	3504	06c030e3ea328d855071fdafa5f2523a.exe	35

C:\Users\Admin\AppData\Local\Temp\06c030e3ea328d855071fdafa5f2523a.exe

Filesize
45KB

MD5
c54da9ae0a169e59cd965869d9d34b7a

SHA1
c55be1a3c36aebb56dba53c5562c72846e4b7d00

SHA256
814462cf39d238bf39e83022ccf03c7588c8e37cfff6abd81841047bca24c0db

SHA512
9a9155feebe73850938b5ae5437b009c762748cd37e6752d098e9eba278ce749859a06fda4de74d77d9a44b786a889a49b3febc6a089603355cddcb8ebb9be48

Download Submit
memory/3504-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3504-1-0x0000000001C80000-0x0000000001DB3000-memory.dmp

Filesize
1.2MB

Download
memory/3504-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3504-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4548-14-0x0000000001C70000-0x0000000001DA3000-memory.dmp

Filesize
1.2MB

Download
memory/4548-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4548-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4548-20-0x0000000005570000-0x000000000579A000-memory.dmp

Filesize
2.2MB

Download
memory/4548-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/4548-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download