5f29d81b9c210b4ca81bf2d7be7b3bb004fa1076068767479a3f705763939efd

Analysis

max time kernel
147s
max time network
184s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30-12-2023 10:53

Target

168177d3b5f07ec5df7c0e4ebeffa87d.exe
Size

2.9MB
MD5

168177d3b5f07ec5df7c0e4ebeffa87d
SHA1

a54977665cf7d9bb679912c0fc47c8a3d888638e
SHA256

5f29d81b9c210b4ca81bf2d7be7b3bb004fa1076068767479a3f705763939efd
SHA512

40b1f2f45350ef239b868264fe7a1a1cc84e3d0a7d2f679dff29bf9461c8500b63fa03225d71b827a503fb7735158cb70b89c603cb73474400582bb8aea2f04a
SSDEEP

49152:ytUZvh9zM2ohwYI1HoI+U/XwqqQpSokV/UPJKwzQaD1a/D+dJd/DJt:Rhod4H0OgNQARV/URKhyphDJt

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2348	168177d3b5f07ec5df7c0e4ebeffa87d.exe

Executes dropped EXE 1 IoCs

pid	Process
2348	168177d3b5f07ec5df7c0e4ebeffa87d.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2948-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000200000001e7dd-11.dat	upx
behavioral2/memory/2348-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2948	168177d3b5f07ec5df7c0e4ebeffa87d.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2948	168177d3b5f07ec5df7c0e4ebeffa87d.exe
2348	168177d3b5f07ec5df7c0e4ebeffa87d.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2948 wrote to memory of 2348	2948	168177d3b5f07ec5df7c0e4ebeffa87d.exe	93
PID 2948 wrote to memory of 2348	2948	168177d3b5f07ec5df7c0e4ebeffa87d.exe	93
PID 2948 wrote to memory of 2348	2948	168177d3b5f07ec5df7c0e4ebeffa87d.exe	93

C:\Users\Admin\AppData\Local\Temp\168177d3b5f07ec5df7c0e4ebeffa87d.exe

Filesize
2.9MB

MD5
15bf4d645b744d5b6857b398ffb3a586

SHA1
eaf971ab66b4823852e12eab6e75a6a8f96ff040

SHA256
e0535b96e7761939e10757f8bd5f61b8a8669df17cf3dd8cfdca169fb00b6b12

SHA512
bedc44a6e5ff418daaf3746d342841c8ad370c87c5a429913448088bb1520f73407d8294327c79c99872878bd1b60aff5d3b1b3592be779474fe705f91e57e7f

Download Submit
memory/2348-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2348-14-0x0000000001CF0000-0x0000000001E23000-memory.dmp

Filesize
1.2MB

Download
memory/2348-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2348-20-0x00000000055F0000-0x000000000581A000-memory.dmp

Filesize
2.2MB

Download
memory/2348-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2348-27-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2948-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2948-1-0x0000000001C50000-0x0000000001D83000-memory.dmp

Filesize
1.2MB

Download
memory/2948-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2948-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download