075b6b99baf431c397c664709a0e7290ba9750e5999109e77239e9aba6d47e7c

Analysis

max time kernel
190s
max time network
217s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30-12-2023 10:45

Target

164f39732af9382a5bdb34ca1dd1c198.exe
Size

1.5MB
MD5

164f39732af9382a5bdb34ca1dd1c198
SHA1

cc32eb4add738a5a6402b2993513c66acdbc18bc
SHA256

075b6b99baf431c397c664709a0e7290ba9750e5999109e77239e9aba6d47e7c
SHA512

dc4b47f0f6988e105a415410cd647fed1f0afc03f6403726893371d0f10cac02aa3acab2cebd409f9a8387865253fd9baf68ceac4e53e0f28b6a41feb2aae936
SSDEEP

24576:JQ89DlmM0F25yXc0DIVJgDdqdpqXhlH/lyLW/hKcSmTjYM34DZk82nbXW:r5Ew5yXc0MVJIgPqRlHALW5qmQAgk

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2556	164f39732af9382a5bdb34ca1dd1c198.exe

Executes dropped EXE 1 IoCs

pid	Process
2556	164f39732af9382a5bdb34ca1dd1c198.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/740-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0009000000023136-11.dat	upx
behavioral2/memory/2556-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
740	164f39732af9382a5bdb34ca1dd1c198.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
740	164f39732af9382a5bdb34ca1dd1c198.exe
2556	164f39732af9382a5bdb34ca1dd1c198.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 740 wrote to memory of 2556	740	164f39732af9382a5bdb34ca1dd1c198.exe	92
PID 740 wrote to memory of 2556	740	164f39732af9382a5bdb34ca1dd1c198.exe	92
PID 740 wrote to memory of 2556	740	164f39732af9382a5bdb34ca1dd1c198.exe	92

C:\Users\Admin\AppData\Local\Temp\164f39732af9382a5bdb34ca1dd1c198.exe

Filesize
1.5MB

MD5
2a7e1fb0141b30c35b7d01deca3ce9bf

SHA1
45260111a9303d407053dfd4724ef435180b611f

SHA256
8a78bf636caa1876f4540f991230e75d357ef1d4b80ef1e2f7545bde652ac518

SHA512
0e4f140e19282a05f7b7c0da1d993f73fe93be047c8397d1efc8f3a2e9b8ee261026ab21ef04c2796f9a115fe746dcc063f0781163e8b35de83679a217bb3e3f

Download Submit
memory/740-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/740-1-0x0000000001C80000-0x0000000001DB3000-memory.dmp

Filesize
1.2MB

Download
memory/740-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/740-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2556-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2556-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2556-15-0x0000000001C30000-0x0000000001D63000-memory.dmp

Filesize
1.2MB

Download
memory/2556-20-0x0000000005530000-0x000000000575A000-memory.dmp

Filesize
2.2MB

Download
memory/2556-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2556-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download