ffc7d7a5cd92131be1043894fd53b20fc5cc4af8deeb609cf695cd8057d0ffba

Analysis

max time kernel
171s
max time network
184s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2023 07:07

Target

2cc2b1b6b78d229ede31df1dd47151f4.exe
Size

1.3MB
MD5

2cc2b1b6b78d229ede31df1dd47151f4
SHA1

3f1e141cd64c06adb585a0ec2f6d26c2da117e2e
SHA256

ffc7d7a5cd92131be1043894fd53b20fc5cc4af8deeb609cf695cd8057d0ffba
SHA512

0867a61be196eafdc4bed96776f0d15ec2582176ba293950eecc1ff55eddeec77559a1a2259ac64df814426488bc89cba357ce42e3e37493f0e7747400d3b0b1
SSDEEP

24576:g4YR59iir4Cwdg15r17mzDbW7GFh56SXq0olD8X385mjRE6JPdZ16PtzVWc:cp6g3FIh56SX5IDR5sZdZ8PtZp

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1688	2cc2b1b6b78d229ede31df1dd47151f4.exe

Executes dropped EXE 1 IoCs

pid	Process
1688	2cc2b1b6b78d229ede31df1dd47151f4.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1952-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000600000002320d-11.dat	upx
behavioral2/memory/1688-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1952	2cc2b1b6b78d229ede31df1dd47151f4.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1952	2cc2b1b6b78d229ede31df1dd47151f4.exe
1688	2cc2b1b6b78d229ede31df1dd47151f4.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1952 wrote to memory of 1688	1952	2cc2b1b6b78d229ede31df1dd47151f4.exe	39
PID 1952 wrote to memory of 1688	1952	2cc2b1b6b78d229ede31df1dd47151f4.exe	39
PID 1952 wrote to memory of 1688	1952	2cc2b1b6b78d229ede31df1dd47151f4.exe	39

C:\Users\Admin\AppData\Local\Temp\2cc2b1b6b78d229ede31df1dd47151f4.exe

Filesize
92KB

MD5
06db83c1dcd7e2d1140ceb60cef1d12c

SHA1
ba975465ce6e000f2cb7d05f8109807aa277bd92

SHA256
f55b0dac14f8fa90f5a2f4ddc86c3ce96c4689924759a174fbf9bc222f4163dd

SHA512
d10ca5daabbdaaf720f5de93cfa5797ace46a013a76a5c06fbbeab5cac85591ef61146f32b96c30728ebbe758de6c4fa1b4e2d32439dd379fdab458599a58320

Download Submit
memory/1688-15-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/1688-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1688-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1688-20-0x0000000005590000-0x00000000057BA000-memory.dmp

Filesize
2.2MB

Download
memory/1688-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1688-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1952-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1952-1-0x0000000001CC0000-0x0000000001DF3000-memory.dmp

Filesize
1.2MB

Download
memory/1952-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1952-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download