eaa47b7774677b023ae0a53afd136fb9e3b39d60d68649db0d59f8e599d613c9

Analysis

max time kernel
166s
max time network
192s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 23:16

Target

1fb47bccf43b6bf050159bebc32257a6.exe
Size

10.6MB
MD5

1fb47bccf43b6bf050159bebc32257a6
SHA1

00168250b5241cb05b3a4f35355da4e9a891f4bc
SHA256

eaa47b7774677b023ae0a53afd136fb9e3b39d60d68649db0d59f8e599d613c9
SHA512

690f5e640919aafd9731f733fb49141255992ccdd29259f66c3c8105afbb0d3c46eb0b080d2ae173cf038b271683d9b21be78be1b322e0c6e9c2cee8160e4e1c
SSDEEP

196608:lBC1Wk2qGtyB/rnCeKaRz+wnXGtyB/rnC1tzBxbnBGtyB/rnCeKaRz+wnXGtyB/Y:HOWaGtyB/r3TRnGtyB/rwtzXBGtyB/rS

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
316	1fb47bccf43b6bf050159bebc32257a6.exe

Executes dropped EXE 1 IoCs

pid	Process
316	1fb47bccf43b6bf050159bebc32257a6.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/5008-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/memory/316-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0006000000023228-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
5008	1fb47bccf43b6bf050159bebc32257a6.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
5008	1fb47bccf43b6bf050159bebc32257a6.exe
316	1fb47bccf43b6bf050159bebc32257a6.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5008 wrote to memory of 316	5008	1fb47bccf43b6bf050159bebc32257a6.exe	93
PID 5008 wrote to memory of 316	5008	1fb47bccf43b6bf050159bebc32257a6.exe	93
PID 5008 wrote to memory of 316	5008	1fb47bccf43b6bf050159bebc32257a6.exe	93

C:\Users\Admin\AppData\Local\Temp\1fb47bccf43b6bf050159bebc32257a6.exe

Filesize
834KB

MD5
d707cb259afbb385a417dbe7333623c9

SHA1
b4436fb641ea2671d19ffa53bf59a54ed488eb9d

SHA256
6fe7cf8dcc0476a5f7321b576a50a1d3a914c65422f0095e5b1df7ffd61ecea3

SHA512
4c65f7a4ed943783d36c2d63b6a1752a9800225594923708bdadeed2306366c09e0c06c9af4d95aeb127c129ae390eba6b0c51d5e3ac662ef5f62efa55fd820f

Download Submit
memory/316-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/316-15-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/316-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/316-21-0x0000000005580000-0x00000000057AA000-memory.dmp

Filesize
2.2MB

Download
memory/316-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/316-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/5008-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/5008-1-0x0000000001D60000-0x0000000001E93000-memory.dmp

Filesize
1.2MB

Download
memory/5008-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/5008-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download