e7dc28ccca42632391d0186da5921cc6c6a95eb36018f3f08ab6dea05e19eae0

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
30-12-2023 01:52

Target

0abb7d6d0645959eb21739eb75aaeb65.exe
Size

1.3MB
MD5

0abb7d6d0645959eb21739eb75aaeb65
SHA1

1918d8ff74d56bf8734be99217946bddbce43ca4
SHA256

e7dc28ccca42632391d0186da5921cc6c6a95eb36018f3f08ab6dea05e19eae0
SHA512

a95c4d0318522a05e9f83d9b8e27e66748fa40afa2519411122370067bc3d8a0e6f042c387f6dcbc4860d9759704db283b670170ccaf055ebf817b38e527b7e4
SSDEEP

24576:3Q9hVxyHCRRmQgr25dwam2iQhhiNzDmQq0T6+tHkv+Pd2rwFxYWc:g9hBRRmQga5d82hh0V80T9FzewTYp

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3324	0abb7d6d0645959eb21739eb75aaeb65.exe

Executes dropped EXE 1 IoCs

pid	Process
3324	0abb7d6d0645959eb21739eb75aaeb65.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2476-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/memory/3324-14-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000600000001e5df-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2476	0abb7d6d0645959eb21739eb75aaeb65.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2476	0abb7d6d0645959eb21739eb75aaeb65.exe
3324	0abb7d6d0645959eb21739eb75aaeb65.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2476 wrote to memory of 3324	2476	0abb7d6d0645959eb21739eb75aaeb65.exe	19
PID 2476 wrote to memory of 3324	2476	0abb7d6d0645959eb21739eb75aaeb65.exe	19
PID 2476 wrote to memory of 3324	2476	0abb7d6d0645959eb21739eb75aaeb65.exe	19

C:\Users\Admin\AppData\Local\Temp\0abb7d6d0645959eb21739eb75aaeb65.exe

Filesize
1.3MB

MD5
cd40019d02bb7d69c930616884402691

SHA1
0a7fda010738059456f703502dea753f81ea16b4

SHA256
f8b90183ef8e6be74aae7e38599f7c9297fc20743e58b1dd3227e595a6b01e2c

SHA512
64d59874adac698105bf7212ea7537b3b20efa21f2896a3d9aca1d1a8e8486aa5b55ba13db39361fa99526fc19c827aa1a42c14e1d221caa4cff751c43457a47

Download Submit
memory/2476-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2476-1-0x0000000001E40000-0x0000000001F73000-memory.dmp

Filesize
1.2MB

Download
memory/2476-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2476-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3324-14-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3324-20-0x00000000055B0000-0x00000000057DA000-memory.dmp

Filesize
2.2MB

Download
memory/3324-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3324-16-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/3324-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3324-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download