e5203022056fb93213d87cd82a081181c6abcdbdc1b1551441698d0f77d31bd2

Analysis

max time kernel
131s
max time network
187s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 10:20

Target

15b7efe40667a8da268f02054732cd9b.exe
Size

56KB
MD5

15b7efe40667a8da268f02054732cd9b
SHA1

de1cf4db0513782fe00a7bf4645b98ba8dc57f79
SHA256

e5203022056fb93213d87cd82a081181c6abcdbdc1b1551441698d0f77d31bd2
SHA512

ec5038f00030f4c79d013da7109750f08b5478db74259841da20ab05573f74c78a046b463e8dfb27b2d2e4cef9e042f8bd2e1aa64fd24f31c3ce8c99b1a49122
SSDEEP

1536:QKeAaibBXdozfAo89RG06Ae6CQp4ohsVgz4MckwrDw:QrA7C8odApjx5z4f

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3128	15b7efe40667a8da268f02054732cd9b.exe

Executes dropped EXE 1 IoCs

pid	Process
3128	15b7efe40667a8da268f02054732cd9b.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3656-0-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000600000001e71b-11.dat	upx
behavioral2/memory/3128-13-0x0000000000400000-0x000000000043A000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3656	15b7efe40667a8da268f02054732cd9b.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3656	15b7efe40667a8da268f02054732cd9b.exe
3128	15b7efe40667a8da268f02054732cd9b.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3656 wrote to memory of 3128	3656	15b7efe40667a8da268f02054732cd9b.exe	88
PID 3656 wrote to memory of 3128	3656	15b7efe40667a8da268f02054732cd9b.exe	88
PID 3656 wrote to memory of 3128	3656	15b7efe40667a8da268f02054732cd9b.exe	88

C:\Users\Admin\AppData\Local\Temp\15b7efe40667a8da268f02054732cd9b.exe

Filesize
56KB

MD5
60c754f24cdfac8790d9286090ec3d6d

SHA1
3dacdfb372cfde388ce678a8870605e6bcf16443

SHA256
f4559fcead8755b00327af5b935b2b566a61d0278fa5dae6c664958d90ba363d

SHA512
90bd8b0e721f69908daf45bccbfb8ea5bb8b754aeff3f718df7cec071e540864876d3f4df5d579113425533f64ba6428f5ef73cc69f3d4cf776a0ca6c3cd2eab

Download Submit
memory/3128-13-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3128-14-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3128-15-0x00000000000C0000-0x00000000000CE000-memory.dmp

Filesize
56KB

Download
memory/3128-20-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/3128-21-0x00000000001D0000-0x00000000001EB000-memory.dmp

Filesize
108KB

Download
memory/3128-26-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3656-0-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3656-1-0x00000000001E0000-0x00000000001EE000-memory.dmp

Filesize
56KB

Download
memory/3656-2-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3656-12-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download