910b251fd99f568f2020ef678801eea400f3e195010286b6029cb9bb99b9cbe5

Analysis

max time kernel
151s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2023 13:28

Target

380596b6321f723b1cd8bec9459d6acf.exe
Size

5.3MB
MD5

380596b6321f723b1cd8bec9459d6acf
SHA1

1a73123b8fc8026fd83688ad12c201c308f17f9f
SHA256

910b251fd99f568f2020ef678801eea400f3e195010286b6029cb9bb99b9cbe5
SHA512

fb58814249ddff3d063e8631aedc77c80de8d1505ba6ac39cd1a16b0807a945b90c64f5753e4b4576b903c674fd850813a6cc2f3b1264c4c8c894719fc4db037
SSDEEP

98304:937UmQozO4uHUv38C5hX+Ska4H1FoVyOwMEHUv38C5hX+Ska4Hj:93wmVON0v38aXMBfXv0v38aXMBD

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4468	380596b6321f723b1cd8bec9459d6acf.exe

Executes dropped EXE 1 IoCs

pid	Process
4468	380596b6321f723b1cd8bec9459d6acf.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4780-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral2/memory/4468-13-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral2/files/0x0007000000023219-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4780	380596b6321f723b1cd8bec9459d6acf.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4780	380596b6321f723b1cd8bec9459d6acf.exe
4468	380596b6321f723b1cd8bec9459d6acf.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4780 wrote to memory of 4468	4780	380596b6321f723b1cd8bec9459d6acf.exe	90
PID 4780 wrote to memory of 4468	4780	380596b6321f723b1cd8bec9459d6acf.exe	90
PID 4780 wrote to memory of 4468	4780	380596b6321f723b1cd8bec9459d6acf.exe	90

C:\Users\Admin\AppData\Local\Temp\380596b6321f723b1cd8bec9459d6acf.exe

Filesize
249KB

MD5
6a7f8891d1017e1b014602419d551af9

SHA1
71f8751188275b9e1046f10f4af02afcc1a2fe35

SHA256
773c17e74cbee933f3ec87cb3f64567951bf65e875b5c7b17efe4d030ca1db85

SHA512
33197ba9d56232f85df93793584c962291b1a501a3faf76133157ab5e99b938e00ec7bbe0f73eed073890db43c108bad3d2f4b248d229b22e056ddb01ded89cf

Download Submit
memory/4468-13-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/4468-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/4468-16-0x0000000001D30000-0x0000000001E61000-memory.dmp

Filesize
1.2MB

Download
memory/4468-20-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/4468-21-0x0000000005620000-0x0000000005842000-memory.dmp

Filesize
2.1MB

Download
memory/4468-28-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/4780-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/4780-1-0x0000000001D40000-0x0000000001E71000-memory.dmp

Filesize
1.2MB

Download
memory/4780-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/4780-12-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download