33f20dfe483ec72a0e96863106b41198c703699e59cd328e396677d10da23e57

Analysis

max time kernel
140s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 10:01

Target

153ab098e29844e397609b81b3e9fc04.exe
Size

1.5MB
MD5

153ab098e29844e397609b81b3e9fc04
SHA1

ec653b383a365a6b83d79b0c0385a8ef28502a84
SHA256

33f20dfe483ec72a0e96863106b41198c703699e59cd328e396677d10da23e57
SHA512

dd802c234ed7709ba22ba53c26556aab558b6bc3f6e8217d3e98aa8994826f26ab8b8a38d215fe3e4c97a8cf4ecfcf38583e92615a1c763f7199add9b83d1592
SSDEEP

24576:2nwHf23OfJIqoW5rxIL+TXf/24faZT+5Z4Va5jINthlW:g6ffJlPzRP4kpcnl

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1448	153ab098e29844e397609b81b3e9fc04.exe

Executes dropped EXE 1 IoCs

pid	Process
1448	153ab098e29844e397609b81b3e9fc04.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4608-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000300000001f45f-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4608	153ab098e29844e397609b81b3e9fc04.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4608	153ab098e29844e397609b81b3e9fc04.exe
1448	153ab098e29844e397609b81b3e9fc04.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4608 wrote to memory of 1448	4608	153ab098e29844e397609b81b3e9fc04.exe	89
PID 4608 wrote to memory of 1448	4608	153ab098e29844e397609b81b3e9fc04.exe	89
PID 4608 wrote to memory of 1448	4608	153ab098e29844e397609b81b3e9fc04.exe	89

C:\Users\Admin\AppData\Local\Temp\153ab098e29844e397609b81b3e9fc04.exe

Filesize
1.4MB

MD5
251d2204e5d8ce39c24bca92d8cef5af

SHA1
506696fa0386316af74bffd40e5e82585aeffe8d

SHA256
fa95690fbdc4cebc3bef4ea1a5353883d28664242d7464c22f0716a32fed842d

SHA512
f039c737f6b29f71f5a5485b2384b77879dc0543a1ecc114ecfdd6120fb5f3a7ba44861eeebbd125e14c3aedefd5832f9ada904a08e501557aea90e9bfaf2890

Download Submit
memory/1448-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1448-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1448-21-0x0000000005660000-0x000000000588A000-memory.dmp

Filesize
2.2MB

Download
memory/1448-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1448-13-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/1448-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4608-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4608-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4608-1-0x0000000001CB0000-0x0000000001DE3000-memory.dmp

Filesize
1.2MB

Download
memory/4608-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download