aff4ea6da0be02a59491aa75993310a9c9960570ca4b599e61ee8ea27c05d6ee

Analysis

max time kernel
214s
max time network
223s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30-12-2023 09:13

Target

143683cdcac1c82307882b0e196574df.exe
Size

1.3MB
MD5

143683cdcac1c82307882b0e196574df
SHA1

ea04236b12e1eea34de763b80c2991bd37953796
SHA256

aff4ea6da0be02a59491aa75993310a9c9960570ca4b599e61ee8ea27c05d6ee
SHA512

07042ca24e6bc2f1b932d3cd0c434b278a0d76d9aabb2d38be1db4e98ac1a5a06b963a66c8b68566ced02be3edc92ccb95ba25859b47dd1e6f4d0a9d76353b72
SSDEEP

24576:Ef1YcS9eIMVarlf5z4VpmUQCt6h2ZWwetv6KeMgbjEvG:Ef9Ss0xhkbmT6VZPeFhG

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2808	143683cdcac1c82307882b0e196574df.exe

Executes dropped EXE 1 IoCs

pid	Process
2808	143683cdcac1c82307882b0e196574df.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/5044-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral2/files/0x000d00000001e6f2-12.dat	upx
behavioral2/memory/2808-14-0x0000000000400000-0x000000000086A000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
5044	143683cdcac1c82307882b0e196574df.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
5044	143683cdcac1c82307882b0e196574df.exe
2808	143683cdcac1c82307882b0e196574df.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5044 wrote to memory of 2808	5044	143683cdcac1c82307882b0e196574df.exe	92
PID 5044 wrote to memory of 2808	5044	143683cdcac1c82307882b0e196574df.exe	92
PID 5044 wrote to memory of 2808	5044	143683cdcac1c82307882b0e196574df.exe	92

C:\Users\Admin\AppData\Local\Temp\143683cdcac1c82307882b0e196574df.exe

Filesize
128KB

MD5
3b56a01cdc302e1a3db8c3a253b2573c

SHA1
9f3d17160698ed2316f562525befe79ad6e23c3e

SHA256
e2d187ccc66fc5365e0322c64f0b028f5bcda7f4e51278e73bd9bd3992620c78

SHA512
8f91ae217ba8607da1519558ced3b22f4d1d173daf2875f1667c910eb400d1715da02c2992e0108730f9d375987c40dc8c8d134ad59a61613c91777c3ca73003

Download Submit
memory/2808-14-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2808-16-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2808-15-0x0000000001C60000-0x0000000001D72000-memory.dmp

Filesize
1.1MB

Download
memory/2808-22-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/5044-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/5044-2-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/5044-1-0x0000000001C40000-0x0000000001D52000-memory.dmp

Filesize
1.1MB

Download
memory/5044-13-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download