9fb99d1afa435cb19b98d64f0ccd04dac5ea82bb8bed26410fc1e567b29ac4c8

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 02:50

Target

252f88632fc656dd3703513b2c1d67ed.exe
Size

1.3MB
MD5

252f88632fc656dd3703513b2c1d67ed
SHA1

2c29e3e4d2bd3b1d15b694f2d5977f94594663e9
SHA256

9fb99d1afa435cb19b98d64f0ccd04dac5ea82bb8bed26410fc1e567b29ac4c8
SHA512

4aafc64a758f7d82b787ed9a00784e365f14c8d4b7eb11cbc00991b22b43a099ec926b69fb48fdba7852cb36551b6992388808f4a2cdfcb55c638cf829d7dd49
SSDEEP

24576:RZlinJlMi3r3XaDvlFeYnB+gvKxnYjcHq8e8ihR6RWGSQcZ+WO:PlWnME3XabnTrcKeS6rSQc+f

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4356	252f88632fc656dd3703513b2c1d67ed.exe

Executes dropped EXE 1 IoCs

pid	Process
4356	252f88632fc656dd3703513b2c1d67ed.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4052-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x00080000000224fc-11.dat	upx
behavioral2/memory/4356-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4052	252f88632fc656dd3703513b2c1d67ed.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4052	252f88632fc656dd3703513b2c1d67ed.exe
4356	252f88632fc656dd3703513b2c1d67ed.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4052 wrote to memory of 4356	4052	252f88632fc656dd3703513b2c1d67ed.exe	47
PID 4052 wrote to memory of 4356	4052	252f88632fc656dd3703513b2c1d67ed.exe	47
PID 4052 wrote to memory of 4356	4052	252f88632fc656dd3703513b2c1d67ed.exe	47

C:\Users\Admin\AppData\Local\Temp\252f88632fc656dd3703513b2c1d67ed.exe

Filesize
69KB

MD5
563397b2bbf74c3317261dd325c9b7c2

SHA1
839a992b6e367123f76018e830136308e76cc951

SHA256
cb32f4db4f50f1a740b4d8aac6a2afb2dddba3cbfd56276e39091d78dfe4f36e

SHA512
029992ad8384bed6207079d9b58ce18040be79020eba7d2684abcae5c5dbdd1b9d87e8c21713b1d3c1214d3fd91bdca2d8843a3046d6693f8d91f2c433ec19cf

Download Submit
memory/4052-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4052-1-0x0000000001D50000-0x0000000001E83000-memory.dmp

Filesize
1.2MB

Download
memory/4052-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4052-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4356-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4356-16-0x0000000001C50000-0x0000000001D83000-memory.dmp

Filesize
1.2MB

Download
memory/4356-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4356-21-0x0000000005550000-0x000000000577A000-memory.dmp

Filesize
2.2MB

Download
memory/4356-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/4356-27-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download