0637f7b3f7581aa8ae091650b48224397cb450d885564ae82d29046a024354f8

Analysis

max time kernel
213s
max time network
247s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2023 14:03

Target

390d01f4b80316f022734623f644a369.exe
Size

1.5MB
MD5

390d01f4b80316f022734623f644a369
SHA1

f837da3f4db463dea53a7b4ff40fc49c0a69fa89
SHA256

0637f7b3f7581aa8ae091650b48224397cb450d885564ae82d29046a024354f8
SHA512

625123db2b5535d530ebc9891e6460b062137f786b294ad19f2e53afb02ea73b87c7789ca7cf26b8ec88ecc9de6f97daca53254dbb903664bda8e755301b1181
SSDEEP

24576:HaS2C/5NcsFbdclzIV1Gtg/YNkRPRtKNkIul7tFejmNadVVrW:6YrcEf/YNk/tKdulJrNmP

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
5048	390d01f4b80316f022734623f644a369.exe

Executes dropped EXE 1 IoCs

pid	Process
5048	390d01f4b80316f022734623f644a369.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2208-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0009000000023139-11.dat	upx
behavioral2/memory/5048-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2208	390d01f4b80316f022734623f644a369.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2208	390d01f4b80316f022734623f644a369.exe
5048	390d01f4b80316f022734623f644a369.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 5048	2208	390d01f4b80316f022734623f644a369.exe	92
PID 2208 wrote to memory of 5048	2208	390d01f4b80316f022734623f644a369.exe	92
PID 2208 wrote to memory of 5048	2208	390d01f4b80316f022734623f644a369.exe	92

C:\Users\Admin\AppData\Local\Temp\390d01f4b80316f022734623f644a369.exe

Filesize
1024KB

MD5
2e12c12504cbdc30682803a94c38c31a

SHA1
4849cf548e15cc3fec4557473c6f2cc2e25312af

SHA256
7b4758b002ece2569e300b2743f5ee031718b5f75fa6ff276838b16600e0af04

SHA512
85983a9de9a11e19fc4c85b2c63f5a129604806baeb41153b91ab1ae3896260b4667c80c094d76dfce1c20cbb14c096e8ff5c711991a120688ce280bf69830f4

Download Submit
memory/2208-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2208-2-0x0000000001D30000-0x0000000001E63000-memory.dmp

Filesize
1.2MB

Download
memory/2208-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2208-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/5048-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/5048-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/5048-15-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/5048-20-0x0000000005580000-0x00000000057AA000-memory.dmp

Filesize
2.2MB

Download
memory/5048-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/5048-27-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download