1a672c8877d2e1d44cce26adc046bebe9ed6bc1c8a7deeca0e071246de7312c2

Analysis

max time kernel
164s
max time network
191s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30-12-2023 10:05

Target

15547ae4b1e586715689105719900a49.exe
Size

1.3MB
MD5

15547ae4b1e586715689105719900a49
SHA1

1bf14cd1adb4492df5d12b21425e7ca42af1349c
SHA256

1a672c8877d2e1d44cce26adc046bebe9ed6bc1c8a7deeca0e071246de7312c2
SHA512

7eeb86645a704d80797f4767b06ad7209701587911d103377c8f72ddde7a67eab266387ec114f866d33d9fc95c74922cfb0d67048548e3c65dbc29168d89799b
SSDEEP

24576:w/KKAThpRsUTcKWjsua+2npPGZLaKWI3bKqp7evG:BVp+aWjQXuZeKWGz7

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4476	15547ae4b1e586715689105719900a49.exe

Executes dropped EXE 1 IoCs

pid	Process
4476	15547ae4b1e586715689105719900a49.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4224-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral2/files/0x000300000001e7e0-13.dat	upx
behavioral2/memory/4476-14-0x0000000000400000-0x000000000086A000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4224	15547ae4b1e586715689105719900a49.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4224	15547ae4b1e586715689105719900a49.exe
4476	15547ae4b1e586715689105719900a49.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4224 wrote to memory of 4476	4224	15547ae4b1e586715689105719900a49.exe	96
PID 4224 wrote to memory of 4476	4224	15547ae4b1e586715689105719900a49.exe	96
PID 4224 wrote to memory of 4476	4224	15547ae4b1e586715689105719900a49.exe	96

C:\Users\Admin\AppData\Local\Temp\15547ae4b1e586715689105719900a49.exe

Filesize
256KB

MD5
a4a3791a2ae12c36301eb5796a155d24

SHA1
4a8cf43986aebb281b2b88c9c5831ab08e77659e

SHA256
d8cdb3771e0b83619e16284c5b506a6d1a471ee90677660f61e1836412dfb5a8

SHA512
11d228a04280af3eed029a606efd06f2c0108f7312789901638a3c19bad38865bfdf3629f34166f20bd9464833d1dfc09e3aabd655dc18d318b894a7e3de827e

Download Submit
memory/4224-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/4224-1-0x0000000001C30000-0x0000000001D42000-memory.dmp

Filesize
1.1MB

Download
memory/4224-2-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/4224-11-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/4224-15-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/4476-14-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/4476-16-0x0000000001C90000-0x0000000001DA2000-memory.dmp

Filesize
1.1MB

Download
memory/4476-17-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/4476-23-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download