69e8a7c335ad0760b5ba89b6b918f67ef4676cdf40442c344a96e3a6a47805e1

Analysis

max time kernel
144s
max time network
119s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 23:29

Target

06ef0e9c7fc04425abcbce61a26903b2.exe
Size

3.9MB
MD5

06ef0e9c7fc04425abcbce61a26903b2
SHA1

e8ca517d42a0d6193879fcec9da3c311f1a012b2
SHA256

69e8a7c335ad0760b5ba89b6b918f67ef4676cdf40442c344a96e3a6a47805e1
SHA512

7f4f2956d4ebaebc3c3668076f60d3791542a27409139d31fd2a6cceecb58a6f1fe0cd4a21fcff69522b2a34b9550e72865028381dfa446e98785b37dc8a9204
SSDEEP

98304:UkYCYvKGJW1Te5rg/ba0ygg3gnl/IVURsHzyHgg3gnl/IVUV:UMwnJW1TexObNWgl/ibulgl/iG

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2124	06ef0e9c7fc04425abcbce61a26903b2.exe

Executes dropped EXE 1 IoCs

pid	Process
2124	06ef0e9c7fc04425abcbce61a26903b2.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1788-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000700000002322d-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1788	06ef0e9c7fc04425abcbce61a26903b2.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1788	06ef0e9c7fc04425abcbce61a26903b2.exe
2124	06ef0e9c7fc04425abcbce61a26903b2.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1788 wrote to memory of 2124	1788	06ef0e9c7fc04425abcbce61a26903b2.exe	20
PID 1788 wrote to memory of 2124	1788	06ef0e9c7fc04425abcbce61a26903b2.exe	20
PID 1788 wrote to memory of 2124	1788	06ef0e9c7fc04425abcbce61a26903b2.exe	20

C:\Users\Admin\AppData\Local\Temp\06ef0e9c7fc04425abcbce61a26903b2.exe

Filesize
109KB

MD5
b974e8baafdbe43918bb3b02ce92505f

SHA1
5136141448a55a0476182aec367137578836a308

SHA256
8d743bd13d56bcc4869053876ae4087b4bbbcda5156682a08b8b3c0a83e16a6a

SHA512
00b48ac4c915ef2cc54d74c0738b5ff0ddee86b026e6153b46f9ea490c83c5f64ce01658f96617216841e2f85b47a17976f6fbbbce38bb2bec626a9276e860d7

Download Submit
memory/1788-1-0x0000000001D10000-0x0000000001E43000-memory.dmp

Filesize
1.2MB

Download
memory/1788-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1788-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1788-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2124-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2124-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2124-21-0x00000000056D0000-0x00000000058FA000-memory.dmp

Filesize
2.2MB

Download
memory/2124-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2124-13-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/2124-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download