8c1ec2590138404a086b8819f7045f48e398f3d4de9e8037667981d2286f6fef

Analysis

max time kernel
146s
max time network
167s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 10:23

Target

15c9360e4f2e659d915b53800b5684d9.exe
Size

1.5MB
MD5

15c9360e4f2e659d915b53800b5684d9
SHA1

9bd85383c02214a75a2cfcc584525cf9cb45fd87
SHA256

8c1ec2590138404a086b8819f7045f48e398f3d4de9e8037667981d2286f6fef
SHA512

3dfba863b607bd13e4903fb5c050e8d98e7b3fe40617b3a7223db052390f08d3d7f521ed18acd7083a00626e2e754a3dfebb03160176a6210a4819445190bbae
SSDEEP

24576:U84BxP42BPu8kxtfApDyDRC9gBxgLQSb34fBUj2u5uwQOLC4bfhLnLkdSW:R64782tfAtyDRHbgLQSb34fuD5u++4bh

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
32	15c9360e4f2e659d915b53800b5684d9.exe

Executes dropped EXE 1 IoCs

pid	Process
32	15c9360e4f2e659d915b53800b5684d9.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1384-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000200000001e7de-12.dat	upx
behavioral2/memory/32-14-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1384	15c9360e4f2e659d915b53800b5684d9.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1384	15c9360e4f2e659d915b53800b5684d9.exe
32	15c9360e4f2e659d915b53800b5684d9.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1384 wrote to memory of 32	1384	15c9360e4f2e659d915b53800b5684d9.exe	91
PID 1384 wrote to memory of 32	1384	15c9360e4f2e659d915b53800b5684d9.exe	91
PID 1384 wrote to memory of 32	1384	15c9360e4f2e659d915b53800b5684d9.exe	91

C:\Users\Admin\AppData\Local\Temp\15c9360e4f2e659d915b53800b5684d9.exe

Filesize
1.5MB

MD5
1ff64dbda56d2bcd3def07855e322b4e

SHA1
dbe71fd600d2d37744368580fc366310b1b6aa59

SHA256
6819e5be0167034d50600a8dcff5e25f728ffe2936eaf6a40534df765dec37f4

SHA512
e8c7af93db1165f3b8bbf5024d35420cd508aaaa9be0d63a5863115de818253ee9102ab33cf58c90b34fb8fef0f1c0b36fb9d8f9fbb86ebc81ca79828bf2289a

Download Submit
memory/32-14-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/32-15-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/32-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/32-22-0x00000000056E0000-0x000000000590A000-memory.dmp

Filesize
2.2MB

Download
memory/32-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/32-29-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1384-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1384-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/1384-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1384-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download