b7e6ced455a38e4838a37df9b01888dcd6f1825db63d0b1a462ba0dc01fc31bc

Analysis

max time kernel
160s
max time network
171s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 14:00

Target

38f58bf4aa9cc472becde9d0830f9170.exe
Size

34KB
MD5

38f58bf4aa9cc472becde9d0830f9170
SHA1

5c705d9d31c091f1e97d6baa6b80ff53e92e3f49
SHA256

b7e6ced455a38e4838a37df9b01888dcd6f1825db63d0b1a462ba0dc01fc31bc
SHA512

fc63fcdebd1d0cb6424dc6f47a2d66dfad12f02f436c99e01efea16ffb34ad8e3c25786b9ee66f60dc8d30385e68b0a2aa83f87b1bbb0a103185478ba32cab25
SSDEEP

768:POkMJ4+MyblA8Vsn1dr6xkOgKQryICcizus9u1gj:GmoRVsnfaXgKQrKciaslj

Score

7^/10

upx

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4084-0-0x0000000000400000-0x0000000000419000-memory.dmp	upx
behavioral2/memory/4084-3-0x0000000000400000-0x0000000000419000-memory.dmp	upx
behavioral2/memory/4084-12-0x0000000000400000-0x0000000000419000-memory.dmp	upx
behavioral2/memory/4084-13-0x0000000000400000-0x0000000000419000-memory.dmp	upx

Suspicious behavior: EnumeratesProcesses 8 IoCs

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
664	Process not Found

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4084	38f58bf4aa9cc472becde9d0830f9170.exe

memory/4084-0-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/4084-3-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/4084-12-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/4084-13-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download