6b8919852d9593718a4020a2403e47801f38bc5604f1ba133bcfacc809723b05

Analysis

max time kernel
151s
max time network
179s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 04:23

Target

0e5c66dc386a40c881e276c3011abad8.exe
Size

2.7MB
MD5

0e5c66dc386a40c881e276c3011abad8
SHA1

4d5d3bbea39d7e32e4de881fa5e320a847c2f364
SHA256

6b8919852d9593718a4020a2403e47801f38bc5604f1ba133bcfacc809723b05
SHA512

27f442de64441ef31b605f90ec88b1724930c88c15d185926f3a758e3445b09cb473cef8265117534f94e00b1ece88e89f98ce81b6a27f5d53b3a0e948da7f0e
SSDEEP

49152:LhVvY3U3dRLco8wxkas20qskXP5cUA8b/OWq6u2nepY8r3IhUKVkkd5TYGXGf:LvB3DLVQSP+rR6u2nepVRKVjUGXGf

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4996	0e5c66dc386a40c881e276c3011abad8.exe

Executes dropped EXE 1 IoCs

pid	Process
4996	0e5c66dc386a40c881e276c3011abad8.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4088-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0009000000023121-11.dat	upx
behavioral2/memory/4996-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4088	0e5c66dc386a40c881e276c3011abad8.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4088	0e5c66dc386a40c881e276c3011abad8.exe
4996	0e5c66dc386a40c881e276c3011abad8.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4088 wrote to memory of 4996	4088	0e5c66dc386a40c881e276c3011abad8.exe	91
PID 4088 wrote to memory of 4996	4088	0e5c66dc386a40c881e276c3011abad8.exe	91
PID 4088 wrote to memory of 4996	4088	0e5c66dc386a40c881e276c3011abad8.exe	91

C:\Users\Admin\AppData\Local\Temp\0e5c66dc386a40c881e276c3011abad8.exe

Filesize
1.1MB

MD5
e0f49fe7378b440b68ec8d2d7a5a5e48

SHA1
8deac381d41877f2fc8f3843882cfafcb7c57915

SHA256
27520592fc5f8f55e55755f5450e673ab6619db0802a733723a0abb060135398

SHA512
28f7163bcb9c4a5666f44536d97c8749219717b586b18b975931f446c2ccc2e1b49c26a97c148ecdceb2297259c1d30ee71cf2eaf897fb8d086fe917b9601f69

Download Submit
memory/4088-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4088-1-0x0000000001D50000-0x0000000001E83000-memory.dmp

Filesize
1.2MB

Download
memory/4088-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4088-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4996-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4996-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4996-14-0x0000000001DC0000-0x0000000001EF3000-memory.dmp

Filesize
1.2MB

Download
memory/4996-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/4996-20-0x00000000056C0000-0x00000000058EA000-memory.dmp

Filesize
2.2MB

Download
memory/4996-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download