f5ecceb31b8e95fd9ea0cd41ebd4a20becf1bd34ee8500d1957246a2e0ef3f91

Analysis

max time kernel
142s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 08:12

Target

131a5f0eacbfbdf4f4c35e04b31c4fe1.exe
Size

3.9MB
MD5

131a5f0eacbfbdf4f4c35e04b31c4fe1
SHA1

944d5afb4a98e1b56650fb414f2a11028320d3ab
SHA256

f5ecceb31b8e95fd9ea0cd41ebd4a20becf1bd34ee8500d1957246a2e0ef3f91
SHA512

76184847118a6f444e8c4e1ae3cf9b99f2b7649f32e6d3e2d3f446619a3da60c7f363810bed1f461a880df645503a2cc5fa7f9e9a5c12896e4fb38d6e80481e2
SSDEEP

98304:ziMj0LS+dgDVcaqlMgg3gnl/IVUt4pJWzZtIygg3gnl/IVUV:ziMj0e+Whlhgl/iwgWttJgl/iG

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
5048	131a5f0eacbfbdf4f4c35e04b31c4fe1.exe

Executes dropped EXE 1 IoCs

pid	Process
5048	131a5f0eacbfbdf4f4c35e04b31c4fe1.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4316-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0007000000023216-11.dat	upx
behavioral2/memory/5048-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4316	131a5f0eacbfbdf4f4c35e04b31c4fe1.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4316	131a5f0eacbfbdf4f4c35e04b31c4fe1.exe
5048	131a5f0eacbfbdf4f4c35e04b31c4fe1.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4316 wrote to memory of 5048	4316	131a5f0eacbfbdf4f4c35e04b31c4fe1.exe	47
PID 4316 wrote to memory of 5048	4316	131a5f0eacbfbdf4f4c35e04b31c4fe1.exe	47
PID 4316 wrote to memory of 5048	4316	131a5f0eacbfbdf4f4c35e04b31c4fe1.exe	47

C:\Users\Admin\AppData\Local\Temp\131a5f0eacbfbdf4f4c35e04b31c4fe1.exe

Filesize
64KB

MD5
81dce5abb986b3cbb8eb98ee747acb8a

SHA1
6aba5a34ae028933dffdda75ff6e4e30227cdbd6

SHA256
dda18bc034e7c8613c6d0579a5ae2d1b8c6a555842a6a47246adc19ff32b0ea5

SHA512
aca5b4a90f2931cdd9f468cf90685f0c0f03c64004dd61792a14509e63e326064cc09a0208e1ea2b0049f56d52872208a3a7693f0166831227b59d9d9c4cdc0c

Download Submit
memory/4316-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4316-1-0x0000000001DF0000-0x0000000001F23000-memory.dmp

Filesize
1.2MB

Download
memory/4316-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4316-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/5048-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/5048-15-0x0000000001CA0000-0x0000000001DD3000-memory.dmp

Filesize
1.2MB

Download
memory/5048-20-0x00000000055A0000-0x00000000057CA000-memory.dmp

Filesize
2.2MB

Download
memory/5048-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/5048-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/5048-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download