af6f33bb41e3170223a6d7c3889cd383ea3670ecac2aa3a9cbab9e8110c2a53b

Analysis

max time kernel
146s
max time network
189s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 02:59

Target

257a3280cad5a5a9555f942002845348.exe
Size

5.8MB
MD5

257a3280cad5a5a9555f942002845348
SHA1

1637db21e7134b80d0f6c59eb6d5d2beef3488eb
SHA256

af6f33bb41e3170223a6d7c3889cd383ea3670ecac2aa3a9cbab9e8110c2a53b
SHA512

9268bf20e7d960f0445a757d0717fea7a4821bf348819250cf3dfb4f5dd43e0b36c61c070694bdf10090c419e48dec1513d3764be3e17a1ddde967f1e2f9afe6
SSDEEP

98304:azNiLzloql4HBUCczzM3NBHwpoD4IfkIg4HBUCczzM3:ahivlveWCRSpoxnWC

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4432	257a3280cad5a5a9555f942002845348.exe

Executes dropped EXE 1 IoCs

pid	Process
4432	257a3280cad5a5a9555f942002845348.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4580-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000500000001e7e6-12.dat	upx
behavioral2/memory/4432-14-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4580	257a3280cad5a5a9555f942002845348.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4580	257a3280cad5a5a9555f942002845348.exe
4432	257a3280cad5a5a9555f942002845348.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4580 wrote to memory of 4432	4580	257a3280cad5a5a9555f942002845348.exe	93
PID 4580 wrote to memory of 4432	4580	257a3280cad5a5a9555f942002845348.exe	93
PID 4580 wrote to memory of 4432	4580	257a3280cad5a5a9555f942002845348.exe	93

C:\Users\Admin\AppData\Local\Temp\257a3280cad5a5a9555f942002845348.exe

Filesize
2.7MB

MD5
51f58385c6b73039b180842f4e322f4a

SHA1
36c18c677da175a6328c3d4a219346f2e6e4e73b

SHA256
34e2540121858f20cdea6a9f365719bbbfb70d1b3bae14ca9ea2875a43b1567a

SHA512
368574f16b796ca980add516d44bad7269c6eef3372f1678948f000caa2713f4efa170a5f1602f78f13930f832a899383ce51d71cc04929d92edd2b01d901036

Download Submit
memory/4432-14-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4432-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4432-16-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/4432-21-0x0000000005580000-0x00000000057AA000-memory.dmp

Filesize
2.2MB

Download
memory/4432-22-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/4432-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4580-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4580-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/4580-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4580-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download