ccb541df992dfefa68921b5226ac5b52d7c2953e58e359224d02b3c3e2340f89

Analysis

max time kernel
144s
max time network
179s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30-12-2023 00:33

Target

08add932c5ce1ce7d49f13143b84e7a5.exe
Size

1.3MB
MD5

08add932c5ce1ce7d49f13143b84e7a5
SHA1

144e192e429deaa12d670e095466136808f907ed
SHA256

ccb541df992dfefa68921b5226ac5b52d7c2953e58e359224d02b3c3e2340f89
SHA512

2a5d3c95ddd70924c20b971a2a13d151f8b958f4d362ef32d8d66387b1b90e29545d1b4f95edc18f6c71b6524015feede8896b2e61350466a12cf6c70666282e
SSDEEP

24576:TxxoGEzRjGLmib0tzd9ZdrYEfjr72QydIy9L8upUMq9iZoRxnx2BTFdvWO:TwGEzRqL1bGTdlff72QCIyZ8DX9iGRnY

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3716	08add932c5ce1ce7d49f13143b84e7a5.exe

Executes dropped EXE 1 IoCs

pid	Process
3716	08add932c5ce1ce7d49f13143b84e7a5.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4344-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000200000001e7e0-11.dat	upx
behavioral2/memory/3716-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4344	08add932c5ce1ce7d49f13143b84e7a5.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4344	08add932c5ce1ce7d49f13143b84e7a5.exe
3716	08add932c5ce1ce7d49f13143b84e7a5.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4344 wrote to memory of 3716	4344	08add932c5ce1ce7d49f13143b84e7a5.exe	92
PID 4344 wrote to memory of 3716	4344	08add932c5ce1ce7d49f13143b84e7a5.exe	92
PID 4344 wrote to memory of 3716	4344	08add932c5ce1ce7d49f13143b84e7a5.exe	92

C:\Users\Admin\AppData\Local\Temp\08add932c5ce1ce7d49f13143b84e7a5.exe

Filesize
1.3MB

MD5
38b06b7d3a7fdcc0d03e622a6292d8a0

SHA1
99a87d5f989fbfdacbee9c25eac0d785e3334772

SHA256
73106a9979cd220b725100c950cf77231705da5dc7f39479a92340da5363554f

SHA512
c9d2d388d6d2fc816d093d77558faf76b625d113c4e0497ec73fb743218f1b9062d01dd56cfe98e398129e31e8e84ce851562a3c22f3ce6312e8da12bde00ed1

Download Submit
memory/3716-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3716-14-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/3716-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3716-20-0x0000000005620000-0x000000000584A000-memory.dmp

Filesize
2.2MB

Download
memory/3716-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3716-27-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4344-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4344-1-0x0000000001DB0000-0x0000000001EE3000-memory.dmp

Filesize
1.2MB

Download
memory/4344-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4344-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download