978d64ba5b8e637eef63d2fe924d0d192b2b632bba8a12c0143e00b9237552be

Analysis

max time kernel
150s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 14:17

Target

1b2b8cd57a5d88d44570411da9df85ae.exe
Size

5.8MB
MD5

1b2b8cd57a5d88d44570411da9df85ae
SHA1

910ab66d3514135f16bd8b3c1627d64ae97290fa
SHA256

978d64ba5b8e637eef63d2fe924d0d192b2b632bba8a12c0143e00b9237552be
SHA512

4925b9105d5d27f6011b7918a0110b051e7bb1c2a7bedc2744fc2beda85df7810a4e9bee31247a8e9459ad2f30ac9d3be3a2aa4479017466dbce48e7acecfeda
SSDEEP

98304:LAN+L0QkS5WaeakYbvgJhVd6e7QqvzYSwBnh0Zppynt1kYbvgJhVd6e7Q:cozkS5qgE6kFY5nCZp0tigE6k

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4132	1b2b8cd57a5d88d44570411da9df85ae.exe

Executes dropped EXE 1 IoCs

pid	Process
4132	1b2b8cd57a5d88d44570411da9df85ae.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4884-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000800000001e712-11.dat	upx
behavioral2/memory/4132-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4884	1b2b8cd57a5d88d44570411da9df85ae.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4884	1b2b8cd57a5d88d44570411da9df85ae.exe
4132	1b2b8cd57a5d88d44570411da9df85ae.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4884 wrote to memory of 4132	4884	1b2b8cd57a5d88d44570411da9df85ae.exe	91
PID 4884 wrote to memory of 4132	4884	1b2b8cd57a5d88d44570411da9df85ae.exe	91
PID 4884 wrote to memory of 4132	4884	1b2b8cd57a5d88d44570411da9df85ae.exe	91

C:\Users\Admin\AppData\Local\Temp\1b2b8cd57a5d88d44570411da9df85ae.exe

Filesize
929KB

MD5
59d5cd337b86b9134d9c6cd914a5c9bf

SHA1
d3a39c1a018571aea2977838e584a540661a29a1

SHA256
e1f9e9951a267db57f7386f29ea3043235e9ee7e3075e47000cbae55817090e2

SHA512
ba826415d379a2a91957252cdfe94f2af10db6a4f92edc9d347e418f2e2ddeeca34952d2291d4e48b25f8d36ebbff17359877985fd401770d2698f989b2a1c49

Download Submit
memory/4132-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4132-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4132-14-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/4132-21-0x0000000005520000-0x000000000574A000-memory.dmp

Filesize
2.2MB

Download
memory/4132-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/4132-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4884-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4884-1-0x0000000001E80000-0x0000000001FB3000-memory.dmp

Filesize
1.2MB

Download
memory/4884-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4884-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download