b7122051c697f1d3eccb933cb7698fd3df772b0adea2ac850b7b1dbaf9eecd70

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30-12-2023 03:04

Target

0c7074170eafa76287667493522fed74.exe
Size

2.4MB
MD5

0c7074170eafa76287667493522fed74
SHA1

d70632742e303f665ff16e4d0e537e484934a95a
SHA256

b7122051c697f1d3eccb933cb7698fd3df772b0adea2ac850b7b1dbaf9eecd70
SHA512

694ea9fb6fe79a331fe69b6ce8240277a97d30086ebf6132e514574a7a0f210b9b29788d4ad81ddfedd2f9f4accb8d5850599a3bea6bc3763d56e2f9001a5333
SSDEEP

49152:cNBy4eU2D7Rxf3e+modZJ3Jd07wmVCP4M338dB2IBlGuuDVUsdxxjr:c79Ybf3e+BdZJ3X08m4gg3gnl/IVUs1P

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1508	0c7074170eafa76287667493522fed74.exe

Executes dropped EXE 1 IoCs

pid	Process
1508	0c7074170eafa76287667493522fed74.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3732-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0007000000023146-11.dat	upx
behavioral2/memory/1508-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3732	0c7074170eafa76287667493522fed74.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3732	0c7074170eafa76287667493522fed74.exe
1508	0c7074170eafa76287667493522fed74.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3732 wrote to memory of 1508	3732	0c7074170eafa76287667493522fed74.exe	90
PID 3732 wrote to memory of 1508	3732	0c7074170eafa76287667493522fed74.exe	90
PID 3732 wrote to memory of 1508	3732	0c7074170eafa76287667493522fed74.exe	90

C:\Users\Admin\AppData\Local\Temp\0c7074170eafa76287667493522fed74.exe

Filesize
2.4MB

MD5
579b765fabe03fd02c663c925c0fe900

SHA1
83ab1ac686bf12802dd511b833de2c762e3d5fbc

SHA256
4bc554bb3dd78a78c5baf77d2524d4bf6e4813adec2f4742ecf4b875e794aff5

SHA512
81952f046eded4580586cce95344f07ea242d750ee15092eae30d9bf310e32110ef2b0332297eed437c4acc6b138d76d51a2ed97d5c0d22323df78e75cf04cee

Download Submit
memory/1508-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1508-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1508-14-0x0000000001DB0000-0x0000000001EE3000-memory.dmp

Filesize
1.2MB

Download
memory/1508-20-0x00000000056B0000-0x00000000058DA000-memory.dmp

Filesize
2.2MB

Download
memory/1508-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1508-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3732-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3732-1-0x0000000001C50000-0x0000000001D83000-memory.dmp

Filesize
1.2MB

Download
memory/3732-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3732-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download