24bcbc364a27cb6da85ce7dbc52f8bcc4e499640c22b8f422c320a293dba103b

Analysis

max time kernel
149s
max time network
170s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 03:42

Target

0d4d174a48ccffc6c4478465951b36b8.exe
Size

5.8MB
MD5

0d4d174a48ccffc6c4478465951b36b8
SHA1

9bcfcbfcc54b6cf490ae425630d06e265c71bfef
SHA256

24bcbc364a27cb6da85ce7dbc52f8bcc4e499640c22b8f422c320a293dba103b
SHA512

66027a5b0f2dd9efe397e5ca19a48182f2546ce098f6e56133482c2027d60b6c093d377a1ddcccbe267b329aa747cc2dcaea1773e097272f511db9c6fddd925f
SSDEEP

98304:hJ+5qxTcLgdKA9GQZaXhP5a9UEI+eG9jAkbkR79D+cVItGQZaXhP5a9UEI+eG:hJ+5qx62GhRaaCkN9qHGhRa

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3320	0d4d174a48ccffc6c4478465951b36b8.exe

Executes dropped EXE 1 IoCs

pid	Process
3320	0d4d174a48ccffc6c4478465951b36b8.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1480-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000300000001e7e0-11.dat	upx
behavioral2/memory/3320-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1480	0d4d174a48ccffc6c4478465951b36b8.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1480	0d4d174a48ccffc6c4478465951b36b8.exe
3320	0d4d174a48ccffc6c4478465951b36b8.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1480 wrote to memory of 3320	1480	0d4d174a48ccffc6c4478465951b36b8.exe	92
PID 1480 wrote to memory of 3320	1480	0d4d174a48ccffc6c4478465951b36b8.exe	92
PID 1480 wrote to memory of 3320	1480	0d4d174a48ccffc6c4478465951b36b8.exe	92

C:\Users\Admin\AppData\Local\Temp\0d4d174a48ccffc6c4478465951b36b8.exe

Filesize
5.8MB

MD5
9341a23b8ed8d885f5d82fb8bf9c160f

SHA1
a6136585670a7e71704f9fafb7eb768b6b027431

SHA256
42a7d2349088f9cc614c7d7d0c62e92fae7cb8182ee7a8517fea872633c375b7

SHA512
d39f75c20d99619542a6cf7ba1df9699f00a60a355f05458da016e4408638acebc46313d044be982c761e90f884a4055fd388602ba1c4594dfe3af9198fa6c59

Download Submit
memory/1480-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1480-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/1480-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1480-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3320-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3320-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3320-15-0x0000000001C60000-0x0000000001D93000-memory.dmp

Filesize
1.2MB

Download
memory/3320-20-0x0000000005560000-0x000000000578A000-memory.dmp

Filesize
2.2MB

Download
memory/3320-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3320-27-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download