1debcf2f1f195750132b1a6fe7690122f4dd561382ab0d6f1b0d1e6a63d70b78

Analysis

max time kernel
140s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 20:26

Target

1bd29df961ff17fde8f08f0627f50b6f.exe
Size

68KB
MD5

1bd29df961ff17fde8f08f0627f50b6f
SHA1

f765af2682050aa61204a73bb37cbee57fa9142f
SHA256

1debcf2f1f195750132b1a6fe7690122f4dd561382ab0d6f1b0d1e6a63d70b78
SHA512

520ff0a744b89eb5ce45756d2bdc73e26dd3e452703a5f5f616504a3cfb7aa3cbde3cf52b48cec6aaef2238f5e0736774954caade17a452662a1a4a53c20cc57
SSDEEP

1536:OwX3xrIlwhjCLFo/3Vy7JudmJitA7YTXwgiAGPuFdbsk2q0CmuJdr:bX3JtjOe3VIJBitAsTdrJdLBbdr

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2564	1bd29df961ff17fde8f08f0627f50b6f.exe

Executes dropped EXE 1 IoCs

pid	Process
2564	1bd29df961ff17fde8f08f0627f50b6f.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/900-0-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/2564-13-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x0008000000023207-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
900	1bd29df961ff17fde8f08f0627f50b6f.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
900	1bd29df961ff17fde8f08f0627f50b6f.exe
2564	1bd29df961ff17fde8f08f0627f50b6f.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 900 wrote to memory of 2564	900	1bd29df961ff17fde8f08f0627f50b6f.exe	24
PID 900 wrote to memory of 2564	900	1bd29df961ff17fde8f08f0627f50b6f.exe	24
PID 900 wrote to memory of 2564	900	1bd29df961ff17fde8f08f0627f50b6f.exe	24

C:\Users\Admin\AppData\Local\Temp\1bd29df961ff17fde8f08f0627f50b6f.exe

Filesize
64KB

MD5
36ca28e4f37018f4e2b8ee63afc17f44

SHA1
27a59ac84889572ff077bd0ad689c08a39f08269

SHA256
0028a748708c321a8ca6ef692ec4172059520ceaade127df86b0d21445ebea5b

SHA512
08e9ee7e7337aebdb9c64f8788ce96954b3c5c60321b0b9adeb7938dcbedb7b1bc79702fad0a001e471de41aec6b1a3ac67eda321c7b8e2fb57f8a873a83f87b

Download Submit
memory/900-0-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/900-1-0x00000000001B0000-0x00000000001BE000-memory.dmp

Filesize
56KB

Download
memory/900-2-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/900-12-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2564-20-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2564-24-0x00000000001D0000-0x00000000001EB000-memory.dmp

Filesize
108KB

Download
memory/2564-15-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2564-14-0x00000000000C0000-0x00000000000CE000-memory.dmp

Filesize
56KB

Download
memory/2564-13-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2564-26-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download