24b62d7d1736b0516984a0fb846673613004892bc0de96693ad31c2c1dadf43b

Analysis

max time kernel
151s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 01:55

Target

0ad2e75ac2a8d43de24dfe9cbc037e01.exe
Size

1.5MB
MD5

0ad2e75ac2a8d43de24dfe9cbc037e01
SHA1

513604e38a7e7f5eaf3202d30888a55e82510ef8
SHA256

24b62d7d1736b0516984a0fb846673613004892bc0de96693ad31c2c1dadf43b
SHA512

acb1200852bc45f6ffce7c653604faac8c139a3dca51fd85b0f5afbf8eb8d6dacd71c817e4fe4f7cce0f1978557231e64f883091173f09c91f96f2435e5f2389
SSDEEP

24576:8R+ozmP5iTyqgzxq7Xd7vdhuUvFtD7Tktu4XnNFeDvRWzEnNP1vliTW:8MPRiTb6aZvfB/k043NFejJNNvQT

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3280	0ad2e75ac2a8d43de24dfe9cbc037e01.exe

Executes dropped EXE 1 IoCs

pid	Process
3280	0ad2e75ac2a8d43de24dfe9cbc037e01.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2972-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x00080000000224fc-11.dat	upx
behavioral2/memory/3280-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2972	0ad2e75ac2a8d43de24dfe9cbc037e01.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2972	0ad2e75ac2a8d43de24dfe9cbc037e01.exe
3280	0ad2e75ac2a8d43de24dfe9cbc037e01.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2972 wrote to memory of 3280	2972	0ad2e75ac2a8d43de24dfe9cbc037e01.exe	35
PID 2972 wrote to memory of 3280	2972	0ad2e75ac2a8d43de24dfe9cbc037e01.exe	35
PID 2972 wrote to memory of 3280	2972	0ad2e75ac2a8d43de24dfe9cbc037e01.exe	35

C:\Users\Admin\AppData\Local\Temp\0ad2e75ac2a8d43de24dfe9cbc037e01.exe

Filesize
72KB

MD5
b7a480e0170377a3b333a67b34f9c47d

SHA1
e7a10d59d6f1e3dc33ba59e25d0d7fa3b981f787

SHA256
c200363077d7fdf3382915e82b6dcd9658348bf9ffd02d837b56b220279993a6

SHA512
d09da63b642a4c6af3586c03c6d8bc543fc8871d4d34f25dabc1650ec047c652db7d62bf1def067b24fb2e7e21e6907c797b2cf0fd7a64f7a86d5055cc80794a

Download Submit
memory/2972-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2972-1-0x0000000001D90000-0x0000000001EC3000-memory.dmp

Filesize
1.2MB

Download
memory/2972-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2972-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3280-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3280-14-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/3280-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3280-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3280-20-0x0000000005570000-0x000000000579A000-memory.dmp

Filesize
2.2MB

Download
memory/3280-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download