d14b8c0645e5a7ad1d471d526038f871691c297068e8eb4d66e8a89229516d74

Analysis

max time kernel
142s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30-12-2023 09:28

Target

1483b82426a1600b46440197bfa29750.exe
Size

2.9MB
MD5

1483b82426a1600b46440197bfa29750
SHA1

56231bb28de774d80fedf654f40ff1ff09bc5786
SHA256

d14b8c0645e5a7ad1d471d526038f871691c297068e8eb4d66e8a89229516d74
SHA512

2568e03827c3239166313c02e90a42c6eed4da99b5adfea43c55c5f15218819a9258ae84c173c1a7b48fefcd172829a9462a1551991cc22f9c7f1eeae6059cd2
SSDEEP

49152:e2LiRGJfNgOJjEk7dOGskAaPP4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:e2LhfaOJyMAaPgg3gnl/IVUs1jePs

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2772	1483b82426a1600b46440197bfa29750.exe

Executes dropped EXE 1 IoCs

pid	Process
2772	1483b82426a1600b46440197bfa29750.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/5088-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000400000001e716-11.dat	upx
behavioral2/memory/2772-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
5088	1483b82426a1600b46440197bfa29750.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
5088	1483b82426a1600b46440197bfa29750.exe
2772	1483b82426a1600b46440197bfa29750.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5088 wrote to memory of 2772	5088	1483b82426a1600b46440197bfa29750.exe	91
PID 5088 wrote to memory of 2772	5088	1483b82426a1600b46440197bfa29750.exe	91
PID 5088 wrote to memory of 2772	5088	1483b82426a1600b46440197bfa29750.exe	91

C:\Users\Admin\AppData\Local\Temp\1483b82426a1600b46440197bfa29750.exe

Filesize
286KB

MD5
c2b320078881415523d30be603ab04fd

SHA1
c4bcabf6651136adfc8a88906988575e5cd9e2c4

SHA256
4e163a8eb3d77324da026c7459e724323d9c5d27bc5fbc9270d28bb83e4d88a9

SHA512
3a4e948f2bb7eb5a40db5e24c3ae6ab8c9c51909bdec3fe36907948c639b424316f02953856f6129947fe24eb89761213cf7f7dd3bf82ea8f7019d11643efdc5

Download Submit
memory/2772-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2772-14-0x0000000001D50000-0x0000000001E83000-memory.dmp

Filesize
1.2MB

Download
memory/2772-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2772-20-0x0000000005650000-0x000000000587A000-memory.dmp

Filesize
2.2MB

Download
memory/2772-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2772-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/5088-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/5088-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/5088-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/5088-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download