fb4049f1cbf38c779ee6dd169995f5b52e3f0fbbecdf91cc1988c7a874a22f20

Analysis

max time kernel
126s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 03:08

Target

0c837b8f6ca68ee32e0e7916a5731846.exe
Size

2.9MB
MD5

0c837b8f6ca68ee32e0e7916a5731846
SHA1

c139c7163f9fc39775d6b93e5aea8164e084cea8
SHA256

fb4049f1cbf38c779ee6dd169995f5b52e3f0fbbecdf91cc1988c7a874a22f20
SHA512

a9da09fa311a1d41f74a12e42fdaf0e4059fb4ad31edf374681c2b7c74f76ca374d696dd2c9adbcf5b6054c71a37b774e869ce35383277fde949a5f9c2d5949f
SSDEEP

49152:HD+tyDbS07WDZfbRET0C5g0pvpDMYFepN74NH5HUyNRcUsCVOzetdZJ:HDNbe1c0CmSpDMX4HBUCczzM3

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4756	0c837b8f6ca68ee32e0e7916a5731846.exe

Executes dropped EXE 1 IoCs

pid	Process
4756	0c837b8f6ca68ee32e0e7916a5731846.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3712-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/memory/4756-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000300000002272c-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3712	0c837b8f6ca68ee32e0e7916a5731846.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3712	0c837b8f6ca68ee32e0e7916a5731846.exe
4756	0c837b8f6ca68ee32e0e7916a5731846.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3712 wrote to memory of 4756	3712	0c837b8f6ca68ee32e0e7916a5731846.exe	90
PID 3712 wrote to memory of 4756	3712	0c837b8f6ca68ee32e0e7916a5731846.exe	90
PID 3712 wrote to memory of 4756	3712	0c837b8f6ca68ee32e0e7916a5731846.exe	90

C:\Users\Admin\AppData\Local\Temp\0c837b8f6ca68ee32e0e7916a5731846.exe

Filesize
173KB

MD5
d95df9270c4576b1d650ce383e873f9f

SHA1
24597764821b99d3c1a5bc5e7f1faa7d8125b63f

SHA256
87108f67891adb1f434c46a8d7f65aa2f2f2b9bacf0f5ed386783dcfd38d0dca

SHA512
a66ea87d5382ff90e1b2da2bb93949b7ec195f958206aa10f12b2822886fe083a5fba37b06d8c90b1fd3b1231bac84fab7e29e5f7e0491229355c668545b2f9c

Download Submit
memory/3712-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3712-1-0x0000000001CF0000-0x0000000001E23000-memory.dmp

Filesize
1.2MB

Download
memory/3712-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3712-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4756-15-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/4756-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4756-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4756-20-0x00000000056B0000-0x00000000058DA000-memory.dmp

Filesize
2.2MB

Download
memory/4756-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/4756-27-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download