a5824b3f5fed1b8b569e318162bc8c932fa67de50fa44b56b1d5162b88383558

Analysis

max time kernel
111s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 05:27

Target

0ffb31ebd0d52776535b2a1a152a4d83.exe
Size

1.5MB
MD5

0ffb31ebd0d52776535b2a1a152a4d83
SHA1

d4e833b0d1f03cdb4b950c4ba2758eb70c3dee61
SHA256

a5824b3f5fed1b8b569e318162bc8c932fa67de50fa44b56b1d5162b88383558
SHA512

801be9598e8335646f44f829f47808eefab84645645b93f466073f809a9c8b67410993dca806da25cd4ec99e8d5a1c95cbfa89c33d986bed2e990b7dfe1f6b09
SSDEEP

24576:xsdnrypp3f+aHPYuZ/1H5o+ukEAQ8AsPsRkXy33JitxOZcALwJ82sW:xs96lHPv11H5QAQ8As0RkXynJibWcALJ

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1472	0ffb31ebd0d52776535b2a1a152a4d83.exe

Executes dropped EXE 1 IoCs

pid	Process
1472	0ffb31ebd0d52776535b2a1a152a4d83.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/732-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0006000000023214-11.dat	upx
behavioral2/memory/1472-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
732	0ffb31ebd0d52776535b2a1a152a4d83.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
732	0ffb31ebd0d52776535b2a1a152a4d83.exe
1472	0ffb31ebd0d52776535b2a1a152a4d83.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 732 wrote to memory of 1472	732	0ffb31ebd0d52776535b2a1a152a4d83.exe	48
PID 732 wrote to memory of 1472	732	0ffb31ebd0d52776535b2a1a152a4d83.exe	48
PID 732 wrote to memory of 1472	732	0ffb31ebd0d52776535b2a1a152a4d83.exe	48

C:\Users\Admin\AppData\Local\Temp\0ffb31ebd0d52776535b2a1a152a4d83.exe

Filesize
55KB

MD5
ade229100fef81fcf9cb5d2c3e975677

SHA1
8f58d05975e2a6f4a01538e2baaa0d62ae4d82ae

SHA256
b33aa57cb223a7846b231ce1f9b6ff8b1eb03a418bd1e47b1794bada05718c1d

SHA512
7cf9cb6e6593b08f066df91f13f0ab29a918ce944543779e22bf7a6ec1353d8286f38f2cb46af56a9e5bb475fdee3195a72297ac097a3d28b4994fe53a850dab

Download Submit
memory/732-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/732-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/732-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/732-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1472-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1472-15-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/1472-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1472-21-0x00000000056C0000-0x00000000058EA000-memory.dmp

Filesize
2.2MB

Download
memory/1472-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1472-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download