f68c59c92102c7d5c6f6296680a42da562c2b241243efa0a0b74d0492b8a8363

Analysis

max time kernel
151s
max time network
174s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 23:42

Target

2065b8647d62c3963d7104773b85de86.exe
Size

5.8MB
MD5

2065b8647d62c3963d7104773b85de86
SHA1

850236a06177b81081a32dade04d9abce11d44dc
SHA256

f68c59c92102c7d5c6f6296680a42da562c2b241243efa0a0b74d0492b8a8363
SHA512

a0d17adfe94fb991992958c710de8f079fd4da1c0e91672c8b554ed33a1be13b27eb14ce37cacd8085055d1bcc787196ab1979d90ae2ebd0f992396114e6f57e
SSDEEP

98304:mz68VGA0L3z6Hau42c1joCjMPkNwk6alDAqD7z3uboHau42c1joCjMPkNwk6:mz6U0Qauq1jI86FA7y2auq1jI86

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1396	2065b8647d62c3963d7104773b85de86.exe

Executes dropped EXE 1 IoCs

pid	Process
1396	2065b8647d62c3963d7104773b85de86.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3864-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/memory/1396-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0007000000023203-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3864	2065b8647d62c3963d7104773b85de86.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3864	2065b8647d62c3963d7104773b85de86.exe
1396	2065b8647d62c3963d7104773b85de86.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3864 wrote to memory of 1396	3864	2065b8647d62c3963d7104773b85de86.exe	92
PID 3864 wrote to memory of 1396	3864	2065b8647d62c3963d7104773b85de86.exe	92
PID 3864 wrote to memory of 1396	3864	2065b8647d62c3963d7104773b85de86.exe	92

C:\Users\Admin\AppData\Local\Temp\2065b8647d62c3963d7104773b85de86.exe

Filesize
1.9MB

MD5
dd4c559c7a97271857163d620a767b72

SHA1
b5f12bb2442b2ab75435e4fcd62c858b10ac2b42

SHA256
74714b6bb7ff1ed379410dfb9cd3df2b66f2d27ed5b67d0614a9e0d6069eb675

SHA512
3f5c29590ed96a57ca970de4bffafbc88550009451a661b68e9e2acf1f8e55c862b9c5b3f1c02eca31d320d4a33cd33787c550edceb29f3f121dd01edd5e80a7

Download Submit
memory/1396-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1396-15-0x0000000001C80000-0x0000000001DB3000-memory.dmp

Filesize
1.2MB

Download
memory/1396-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1396-20-0x0000000005580000-0x00000000057AA000-memory.dmp

Filesize
2.2MB

Download
memory/1396-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1396-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3864-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3864-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/3864-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3864-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download