f230080b8cec4c0b4ea0ad7fa7a76982da186808a2c832c9d5d4804b189f3e3f

Analysis

max time kernel
198s
max time network
212s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 03:28

Target

26622874259ef76f8efe1b6fadcbc237.exe
Size

5.3MB
MD5

26622874259ef76f8efe1b6fadcbc237
SHA1

aa754625e31d3eb530ab7899640b28191bb295f9
SHA256

f230080b8cec4c0b4ea0ad7fa7a76982da186808a2c832c9d5d4804b189f3e3f
SHA512

d434a48e57cc8eb1e7eb745d5a91c0bd4f9e999f66afe199d5e1a7771889be88e715c84857f49572a636c54b1678dbcc8aa53c8305064d039647ec47d10a05fb
SSDEEP

98304:snFcCXi7RGgt5H6P2dVIqNaS/DCHGnATOwlQH8xH6P2dVIqNaS/DCHj:ITy7rXFWmATdCH8xXFWD

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2460	26622874259ef76f8efe1b6fadcbc237.exe

Executes dropped EXE 1 IoCs

pid	Process
2460	26622874259ef76f8efe1b6fadcbc237.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2508-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral2/files/0x00060000000231db-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2508	26622874259ef76f8efe1b6fadcbc237.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2508	26622874259ef76f8efe1b6fadcbc237.exe
2460	26622874259ef76f8efe1b6fadcbc237.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2508 wrote to memory of 2460	2508	26622874259ef76f8efe1b6fadcbc237.exe	93
PID 2508 wrote to memory of 2460	2508	26622874259ef76f8efe1b6fadcbc237.exe	93
PID 2508 wrote to memory of 2460	2508	26622874259ef76f8efe1b6fadcbc237.exe	93

C:\Users\Admin\AppData\Local\Temp\26622874259ef76f8efe1b6fadcbc237.exe

Filesize
857KB

MD5
ea694d84d167afedb306c2d0af03b9a5

SHA1
353ef24524c1306f67413f4c8255945f730e59d7

SHA256
603812258b941c21422140fa37d53a467a614e455257c37b18eda305be952690

SHA512
e0c8c8a16dab9f27a6b69c6b39406ac739e99946525c9e4a42fc3fd1f1af7254b0748d6bdc27a181cdc8b134287058f969f2a9fd03771fa1c9f68a690cb2e535

Download Submit
memory/2460-16-0x0000000001C30000-0x0000000001D61000-memory.dmp

Filesize
1.2MB

Download
memory/2460-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2460-13-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2460-20-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2460-21-0x0000000005520000-0x0000000005742000-memory.dmp

Filesize
2.1MB

Download
memory/2460-28-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2508-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2508-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2508-1-0x00000000018F0000-0x0000000001A21000-memory.dmp

Filesize
1.2MB

Download
memory/2508-12-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download