5d92f09dfb240fa084c3f60b5fd2cbc37c437e4cbe0b706306b3b1d266b6d6bb

Analysis

max time kernel
168s
max time network
189s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2023 03:33

Target

2684a80790f79192051a6afa8e010a75.exe
Size

10.6MB
MD5

2684a80790f79192051a6afa8e010a75
SHA1

966fb46f7269188c2f5a748306e03a31d6eb2f3e
SHA256

5d92f09dfb240fa084c3f60b5fd2cbc37c437e4cbe0b706306b3b1d266b6d6bb
SHA512

bb016863769fa1696149ad13a06fd7d0429aac8523973fa135ab7542c66aacacdb258227649a5756f6e97fd2d52f49d6f742ef15995073e3c3cc5979ded59fdb
SSDEEP

196608:c1Per6DMlUTqCH/5eBLEXPhTqCH/8mnpAnj6TqCH/5eBLEXPhTqCH/Y:eGrUSUTTf5eBLwpTTf8m6nj6TTf5eBLF

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3992	2684a80790f79192051a6afa8e010a75.exe

Executes dropped EXE 1 IoCs

pid	Process
3992	2684a80790f79192051a6afa8e010a75.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1276-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/memory/3992-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000700000002323a-12.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1276	2684a80790f79192051a6afa8e010a75.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1276	2684a80790f79192051a6afa8e010a75.exe
3992	2684a80790f79192051a6afa8e010a75.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1276 wrote to memory of 3992	1276	2684a80790f79192051a6afa8e010a75.exe	91
PID 1276 wrote to memory of 3992	1276	2684a80790f79192051a6afa8e010a75.exe	91
PID 1276 wrote to memory of 3992	1276	2684a80790f79192051a6afa8e010a75.exe	91

C:\Users\Admin\AppData\Local\Temp\2684a80790f79192051a6afa8e010a75.exe

Filesize
92KB

MD5
c6a5afef06a67198589466cf52da389e

SHA1
cefd0d4c7fc29d9910d5c0a09adde11d19d5c75d

SHA256
9bddc64a0f51cea2b59b4cece47685271eef482dc8d32aabe1aa0529ce7af708

SHA512
00ef8754aea9b2b254686af23096079fecb554c8d27696eb138be314cceb96787f8290e2d85c601f709b6b44813a879f3765223bf96cdd55a2baa489ebf9a0f6

Download Submit
memory/1276-1-0x0000000001D40000-0x0000000001E73000-memory.dmp

Filesize
1.2MB

Download
memory/1276-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1276-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1276-11-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3992-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3992-15-0x0000000001C90000-0x0000000001DC3000-memory.dmp

Filesize
1.2MB

Download
memory/3992-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3992-21-0x0000000005590000-0x00000000057BA000-memory.dmp

Filesize
2.2MB

Download
memory/3992-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3992-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download