bc754b50caa691cfd8a50bc88ae1820bd5ad1cf0c703886d330ef7cabbfad271

Analysis

max time kernel
145s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30-12-2023 10:25

Target

15d9b94a64e593395443eca8eef69065.exe
Size

2.9MB
MD5

15d9b94a64e593395443eca8eef69065
SHA1

fd6c5dc6172624e4b4ca3988bd2a247409e2b722
SHA256

bc754b50caa691cfd8a50bc88ae1820bd5ad1cf0c703886d330ef7cabbfad271
SHA512

e5d6dd1f92b530924a85d76682cd396a25ff3e46f5665f7b9073754593b8370583b88b842609570876275ee32e6f6888a80d97d0272c8f6fa842fe1db81a4698
SSDEEP

49152:xC29GpOQGssyHUno/a0NF1ZTPON74NH5HUyNRcUsCVOzetdZJ:xX9GpbsysoX71Zq4HBUCczzM3

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1412	15d9b94a64e593395443eca8eef69065.exe

Executes dropped EXE 1 IoCs

pid	Process
1412	15d9b94a64e593395443eca8eef69065.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2044-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000300000001e7de-11.dat	upx
behavioral2/memory/1412-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2044	15d9b94a64e593395443eca8eef69065.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2044	15d9b94a64e593395443eca8eef69065.exe
1412	15d9b94a64e593395443eca8eef69065.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 1412	2044	15d9b94a64e593395443eca8eef69065.exe	93
PID 2044 wrote to memory of 1412	2044	15d9b94a64e593395443eca8eef69065.exe	93
PID 2044 wrote to memory of 1412	2044	15d9b94a64e593395443eca8eef69065.exe	93

C:\Users\Admin\AppData\Local\Temp\15d9b94a64e593395443eca8eef69065.exe

Filesize
2.9MB

MD5
a63e641203a12c14ae80399b4e658b7e

SHA1
324ab725be22e948eed84ac9b197b91e0b7a9059

SHA256
f62ea264b798530cb17430a0c2b14c8140f4c7afbd452553a6b00fc5e0f3205e

SHA512
eada3c9f248d1c132d6c8a0606639187694f82f9e6a942c382fe3a988eb6c0009346609c7a1a98b3d12800d640175d61b20339d781a422ca6bf66afa7feef4f3

Download Submit
memory/1412-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1412-14-0x0000000001D40000-0x0000000001E73000-memory.dmp

Filesize
1.2MB

Download
memory/1412-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1412-20-0x0000000005640000-0x000000000586A000-memory.dmp

Filesize
2.2MB

Download
memory/1412-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1412-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2044-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2044-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/2044-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2044-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download