548c261c5b54ea1428baf6d1d109f0bcdfe93575d7e3ee2bb8f9f1dfaad52c11

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2023 14:20

Target

399c347a62833e78b259c64e6c2f02fa.exe
Size

1.3MB
MD5

399c347a62833e78b259c64e6c2f02fa
SHA1

df571474a3b1572efe5795525c1fd21babcb9514
SHA256

548c261c5b54ea1428baf6d1d109f0bcdfe93575d7e3ee2bb8f9f1dfaad52c11
SHA512

273d3700df4321c32b5ded4766f2cac292f35ec0122fc2ffbeefc57f21a1fee1d376efd13680dca7a1bec17ef8651694dc8f4215651246e43b9644b533619bd8
SSDEEP

24576:fco5Rj+vBIXIpdcPh48eY0EDmrqCvukaw6DMeNahZ5AlOZgJP7/Wc:0oDIIXidw48etEKXawpCG50rTp

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4928	399c347a62833e78b259c64e6c2f02fa.exe

Executes dropped EXE 1 IoCs

pid	Process
4928	399c347a62833e78b259c64e6c2f02fa.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4968-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/memory/4928-14-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000300000001f45f-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4968	399c347a62833e78b259c64e6c2f02fa.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4968	399c347a62833e78b259c64e6c2f02fa.exe
4928	399c347a62833e78b259c64e6c2f02fa.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4968 wrote to memory of 4928	4968	399c347a62833e78b259c64e6c2f02fa.exe	89
PID 4968 wrote to memory of 4928	4968	399c347a62833e78b259c64e6c2f02fa.exe	89
PID 4968 wrote to memory of 4928	4968	399c347a62833e78b259c64e6c2f02fa.exe	89

C:\Users\Admin\AppData\Local\Temp\399c347a62833e78b259c64e6c2f02fa.exe

Filesize
217KB

MD5
83fda235d0564b7c3cccbf9b021aa6ca

SHA1
49f9a0fa38ebc8c40f072270bf7e00cb767c18ee

SHA256
965deb49155b4b7b7c1a589a53318cf07bc97ad92b91dbc9c94e80226558e276

SHA512
9e05e40e6bd63194892a3606e888035d157c0ad77af13174991baf45d6b388ad162ed484961df5f24b990496e02d2a6c3a6e817c00063551bc9f63841616c529

Download Submit
memory/4928-14-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4928-20-0x00000000055D0000-0x00000000057FA000-memory.dmp

Filesize
2.2MB

Download
memory/4928-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/4928-16-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/4928-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4928-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4968-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4968-1-0x0000000001DA0000-0x0000000001ED3000-memory.dmp

Filesize
1.2MB

Download
memory/4968-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4968-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download