7938bdfc7fecda1336f11c479b5c66265dd22df659f341cf3a428019ab9324b1

Analysis

max time kernel
144s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 09:53

Target

150709bc70f0761e468047675d02a4cd.exe
Size

2.9MB
MD5

150709bc70f0761e468047675d02a4cd
SHA1

ea97167d27ad3f22a495bb9694abf759af60af40
SHA256

7938bdfc7fecda1336f11c479b5c66265dd22df659f341cf3a428019ab9324b1
SHA512

ac03508c5261d60a0e8f43d005887dd578032e30c108313d71535e37e7e77fec282cb5d1fb6ae8e2d35c49a148c3f40801a6b6e7d2c5ea98a0ef1ed766768a1b
SSDEEP

49152:MA+4zxv2OvGRJEieYu7v/nainzB9Baj8BBT4SfcsUjoh48TyMPkXdwkyZ:d+4zl2/01n1Hau42c1joCjMPkNwk6

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1928	150709bc70f0761e468047675d02a4cd.exe

Executes dropped EXE 1 IoCs

pid	Process
1928	150709bc70f0761e468047675d02a4cd.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4804-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/memory/1928-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x00070000000231f5-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4804	150709bc70f0761e468047675d02a4cd.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4804	150709bc70f0761e468047675d02a4cd.exe
1928	150709bc70f0761e468047675d02a4cd.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4804 wrote to memory of 1928	4804	150709bc70f0761e468047675d02a4cd.exe	90
PID 4804 wrote to memory of 1928	4804	150709bc70f0761e468047675d02a4cd.exe	90
PID 4804 wrote to memory of 1928	4804	150709bc70f0761e468047675d02a4cd.exe	90

C:\Users\Admin\AppData\Local\Temp\150709bc70f0761e468047675d02a4cd.exe

Filesize
85KB

MD5
4bda0073e62f8808ade1b779c3fd5c99

SHA1
6cb56ff24f32a82372905c475a5d2d179fed9aaf

SHA256
c68855cccd5f93d1f5558365dd05db327d0818b0ea1df998c905d6a80004fa2d

SHA512
b5ec537732d76fe89c62b8f076ebf216e80adfb7b7ea06b63c9a7a49cdf64d89d3d3d58a725035d3b48ac4476e2c0919881c6b84d7ae1395f7f187974c6a5388

Download Submit
memory/1928-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1928-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1928-15-0x0000000001C60000-0x0000000001D93000-memory.dmp

Filesize
1.2MB

Download
memory/1928-20-0x0000000005560000-0x000000000578A000-memory.dmp

Filesize
2.2MB

Download
memory/1928-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1928-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4804-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4804-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/4804-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4804-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download