5d243d5f90f3f0ef54868a437e11be6fbe8361f6245933ae088b4aa405ffeeae

Analysis

max time kernel
152s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 21:08

Target

3b0de53f3e7d53474085600f89a10914.exe
Size

1.3MB
MD5

3b0de53f3e7d53474085600f89a10914
SHA1

863f32c4f24949c1d1b2d265129c8154967ccef0
SHA256

5d243d5f90f3f0ef54868a437e11be6fbe8361f6245933ae088b4aa405ffeeae
SHA512

88a22fbcd4cff0b28c19af54e73b9a82bf012df74861ef7105c0c5297c4c32eb1d3058357568c0a0b4eba03f1bb586c74402a43f058bce9b4529d5fd887d1a60
SSDEEP

24576:HIGb7ulgWb0OKXW6RJWxeIL13WXI1ib6cD0uosK8nYO2Cru6awqSdjU1YAWc:HHb7o9hf6RJWxxF1ib6sbKiu6awxdj2t

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
220	3b0de53f3e7d53474085600f89a10914.exe

Executes dropped EXE 1 IoCs

pid	Process
220	3b0de53f3e7d53474085600f89a10914.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4360-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000700000002321b-11.dat	upx
behavioral2/memory/220-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4360	3b0de53f3e7d53474085600f89a10914.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4360	3b0de53f3e7d53474085600f89a10914.exe
220	3b0de53f3e7d53474085600f89a10914.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4360 wrote to memory of 220	4360	3b0de53f3e7d53474085600f89a10914.exe	93
PID 4360 wrote to memory of 220	4360	3b0de53f3e7d53474085600f89a10914.exe	93
PID 4360 wrote to memory of 220	4360	3b0de53f3e7d53474085600f89a10914.exe	93

C:\Users\Admin\AppData\Local\Temp\3b0de53f3e7d53474085600f89a10914.exe

Filesize
75KB

MD5
7b361ae4d299e1012f18cdd6d3c554ed

SHA1
99fb47c36defae0099eb6b5dcaeac292d40875c6

SHA256
f6f75156ef69fd2bcf2892dd0a3011338ebc4e9562294dbecce19eb7bd062f29

SHA512
0f8340c3bded99073a097bca982e40b3441cddb2f72415bd062f0ff8e04a1cc13b78fc6c09a6760441f70e6c7a6785f1405cbc86ac0dd2afcdded41d501672e4

Download Submit
memory/220-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/220-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/220-15-0x0000000001D40000-0x0000000001E73000-memory.dmp

Filesize
1.2MB

Download
memory/220-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/220-20-0x0000000005640000-0x000000000586A000-memory.dmp

Filesize
2.2MB

Download
memory/220-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4360-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4360-1-0x0000000001D00000-0x0000000001E33000-memory.dmp

Filesize
1.2MB

Download
memory/4360-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4360-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download