e0eed2591854e891918ace5a80ed31a2274f1dd206e1beb03eadacf639df64ca

Analysis

max time kernel
135s
max time network
179s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 23:47

Target

20879479e4f46888a7bb5d6a3a946900.exe
Size

2.9MB
MD5

20879479e4f46888a7bb5d6a3a946900
SHA1

ef0cef3bf3c680599fe477f1ec34585571a2bf48
SHA256

e0eed2591854e891918ace5a80ed31a2274f1dd206e1beb03eadacf639df64ca
SHA512

f381398b842b02b24b12c7592f8253c89ed721efef63d340f2830063256a9309c5cd7c2906ca9f11a227596bdbab57a593baff38e746dea21653c26aaaf688ed
SSDEEP

49152:Iw7xM9pM/UBMaBjndAPGITVCD5P4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:vsM/UFlni6D5gg3gnl/IVUs1jePs

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4992	20879479e4f46888a7bb5d6a3a946900.exe

Executes dropped EXE 1 IoCs

pid	Process
4992	20879479e4f46888a7bb5d6a3a946900.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2092-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x00070000000231eb-11.dat	upx
behavioral2/memory/4992-12-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2092	20879479e4f46888a7bb5d6a3a946900.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2092	20879479e4f46888a7bb5d6a3a946900.exe
4992	20879479e4f46888a7bb5d6a3a946900.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2092 wrote to memory of 4992	2092	20879479e4f46888a7bb5d6a3a946900.exe	94
PID 2092 wrote to memory of 4992	2092	20879479e4f46888a7bb5d6a3a946900.exe	94
PID 2092 wrote to memory of 4992	2092	20879479e4f46888a7bb5d6a3a946900.exe	94

C:\Users\Admin\AppData\Local\Temp\20879479e4f46888a7bb5d6a3a946900.exe

Filesize
2.4MB

MD5
a976c48874b3fe4caec4b6a89d81102b

SHA1
08eb7a5eb599ab817dd27fe10147a052d815cd10

SHA256
669c5ea09782f925b8218ba13ee58721a55e801d6af4983224c013d47ca2042f

SHA512
849ef648b9b829e55c6c328bcb5bd5e1476dbaad156fcb183186398b90576a7ddb40485cb5bd122a0f41307d6bc2c3b96c568c78dfa30e808904ef166bd9df05

Download Submit
memory/2092-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2092-1-0x0000000001E00000-0x0000000001F33000-memory.dmp

Filesize
1.2MB

Download
memory/2092-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2092-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4992-12-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4992-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4992-15-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/4992-20-0x0000000005610000-0x000000000583A000-memory.dmp

Filesize
2.2MB

Download
memory/4992-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/4992-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download