33504da9488d7d1951a20cdf7b8a596fdf7c94ce30b673effb8d31657dc641cf

Analysis

max time kernel
166s
max time network
175s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 03:14

Target

0ca7f8fd50329fff0069a342870732c6.exe
Size

1.3MB
MD5

0ca7f8fd50329fff0069a342870732c6
SHA1

ea080e53d15c6f7e3792de6e403e2398cac665ce
SHA256

33504da9488d7d1951a20cdf7b8a596fdf7c94ce30b673effb8d31657dc641cf
SHA512

a3486e44d7b8839e9aed8a7059c6c7efe872fe06203b9f218a6cea005f5fef56927bf510ce362b6a5d32714902bcad325caedf60dbddbb6133cfae8289cfc1d8
SSDEEP

24576:lOWyOdb6LTGa+JF1aVNKKam7ChonQ38Kv/X//0IvZauVOkPnAnwU9/9Us:lODPGJF1autT/XHDvZ5VOGn4/R9j

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2468	0ca7f8fd50329fff0069a342870732c6.exe

Executes dropped EXE 1 IoCs

pid	Process
2468	0ca7f8fd50329fff0069a342870732c6.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4032-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral2/files/0x000200000001e7df-12.dat	upx
behavioral2/memory/2468-14-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4032	0ca7f8fd50329fff0069a342870732c6.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4032	0ca7f8fd50329fff0069a342870732c6.exe
2468	0ca7f8fd50329fff0069a342870732c6.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4032 wrote to memory of 2468	4032	0ca7f8fd50329fff0069a342870732c6.exe	95
PID 4032 wrote to memory of 2468	4032	0ca7f8fd50329fff0069a342870732c6.exe	95
PID 4032 wrote to memory of 2468	4032	0ca7f8fd50329fff0069a342870732c6.exe	95

C:\Users\Admin\AppData\Local\Temp\0ca7f8fd50329fff0069a342870732c6.exe

Filesize
1.3MB

MD5
c192d2ea5c510a1ab46bf47791f1267e

SHA1
3f6ba00de02b80bc1b29f3e214e5640b13c92460

SHA256
d9a4cf4525db41cad9705abb7e7fcc6e271fadbd38c5aa638223ae11265893ba

SHA512
72b449d488aa60d3c2b18e74b1435d424ffa6782206211eabcd6004f9a196e656fb3ea5c7982a4793e0463d8b8fe9b21ab8b9eb4a9500a64be333dff0aaf4df0

Download Submit
memory/2468-14-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2468-16-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2468-15-0x0000000001DC0000-0x0000000001EF1000-memory.dmp

Filesize
1.2MB

Download
memory/2468-21-0x00000000056B0000-0x00000000058D2000-memory.dmp

Filesize
2.1MB

Download
memory/2468-22-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2468-28-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/4032-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/4032-1-0x00000000018F0000-0x0000000001A21000-memory.dmp

Filesize
1.2MB

Download
memory/4032-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/4032-13-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download