b4dae8d13304fb7ae3dfddd23865a8a73a69f549b422ef78a42c22f1b7b020e6

Analysis

max time kernel
143s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 21:24

Target

0461a6bbb34ac95e2dd984da8a83ec1a.exe
Size

115KB
MD5

0461a6bbb34ac95e2dd984da8a83ec1a
SHA1

f36179a5f3007402e626a13a32211ef0bbed3399
SHA256

b4dae8d13304fb7ae3dfddd23865a8a73a69f549b422ef78a42c22f1b7b020e6
SHA512

856bde16443a26d0b340c022ee744a9db200d8ecdd0bc13bfe4e306180eb473144eec9ce97d702b368ee63362f2dc0028caea075c02c8aae21229dba5d856278
SSDEEP

3072:S2tamANMAPjXWVhjn822XbQTiEhJHcSTMHGBdmh:S2amqMMk9Jm0Tz5caZ

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2700	0461a6bbb34ac95e2dd984da8a83ec1a.exe

Executes dropped EXE 1 IoCs

pid	Process
2700	0461a6bbb34ac95e2dd984da8a83ec1a.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3880-0-0x0000000000400000-0x0000000000475000-memory.dmp	upx
behavioral2/files/0x000600000001e5df-13.dat	upx
behavioral2/memory/2700-15-0x0000000000400000-0x0000000000475000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3880	0461a6bbb34ac95e2dd984da8a83ec1a.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3880	0461a6bbb34ac95e2dd984da8a83ec1a.exe
2700	0461a6bbb34ac95e2dd984da8a83ec1a.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3880 wrote to memory of 2700	3880	0461a6bbb34ac95e2dd984da8a83ec1a.exe	88
PID 3880 wrote to memory of 2700	3880	0461a6bbb34ac95e2dd984da8a83ec1a.exe	88
PID 3880 wrote to memory of 2700	3880	0461a6bbb34ac95e2dd984da8a83ec1a.exe	88

C:\Users\Admin\AppData\Local\Temp\0461a6bbb34ac95e2dd984da8a83ec1a.exe

Filesize
115KB

MD5
f0c75310ecc92779d4a7a96e08ff6dea

SHA1
68f974c073003bccc22de6309038ec66ac4e2a8a

SHA256
aecab7881f90777511116db2ca99c9f38cd045bfc028ce092abe4b07c7665a78

SHA512
3fd51b3156fa5dcd57037bcb07a49b658dff24a7cde69587a8ed3a4b664083b44d8e3b4e58cbc0936fa0fa38d487e48555ce949c18ab07fb68f19805660ea311

Download Submit
memory/2700-15-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2700-16-0x0000000000190000-0x00000000001AD000-memory.dmp

Filesize
116KB

Download
memory/2700-23-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2700-28-0x0000000001660000-0x000000000167D000-memory.dmp

Filesize
116KB

Download
memory/2700-29-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3880-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3880-1-0x00000000001B0000-0x00000000001CD000-memory.dmp

Filesize
116KB

Download
memory/3880-2-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3880-14-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download