6fc7f2413fc1a2d6dfac54ec931da9a06397e014f4091a2e5a2919fccbc070a0

Analysis

max time kernel
142s
max time network
180s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
10/01/2024, 09:36

Target

5037818918d954a31f11977df6e82a38.exe
Size

1.5MB
MD5

5037818918d954a31f11977df6e82a38
SHA1

3d0f10335755eb003d8740acfca87e7a53cdeb1c
SHA256

6fc7f2413fc1a2d6dfac54ec931da9a06397e014f4091a2e5a2919fccbc070a0
SHA512

2a53c2bd9996cb44dc4e6716af842bc6b98b15f894206f88509115da7e50c0e76fcf912aecff1b30f842d4f2962149e05613f69910b49e546724944cf267ba03
SSDEEP

24576:QURR2unqRTQkGEpx52APDZlrN5bTkgUs7Vu+0qUWVCVe7mGar9OR5RTQruiW:QcEuqR8kPm+ZNN5wgd7Vu+0OVCsKGi9h

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
368	5037818918d954a31f11977df6e82a38.exe

Executes dropped EXE 1 IoCs

pid	Process
368	5037818918d954a31f11977df6e82a38.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/5092-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000500000001e715-11.dat	upx
behavioral2/memory/368-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
5092	5037818918d954a31f11977df6e82a38.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
5092	5037818918d954a31f11977df6e82a38.exe
368	5037818918d954a31f11977df6e82a38.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5092 wrote to memory of 368	5092	5037818918d954a31f11977df6e82a38.exe	92
PID 5092 wrote to memory of 368	5092	5037818918d954a31f11977df6e82a38.exe	92
PID 5092 wrote to memory of 368	5092	5037818918d954a31f11977df6e82a38.exe	92

C:\Users\Admin\AppData\Local\Temp\5037818918d954a31f11977df6e82a38.exe

Filesize
1.5MB

MD5
33fea963d14379bcd08412c549afdee6

SHA1
466fd2c99438f3b01063c5288bce74ad02b961f1

SHA256
b5ecacc244d48313bee0fb9779f930ad6226de8fddd80996abb49b3731aa5dfb

SHA512
fb1540eff72abb8f7bf2c20502dfb98da7127b6c83eedd26974f6f2a9ab4f56fc450f4c3d3b2b69643238b941f9346f3a03279f3e9c4a763f499b2291ec26e85

Download Submit
memory/368-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/368-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/368-15-0x0000000001D40000-0x0000000001E73000-memory.dmp

Filesize
1.2MB

Download
memory/368-20-0x0000000005640000-0x000000000586A000-memory.dmp

Filesize
2.2MB

Download
memory/368-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/368-27-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/5092-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/5092-1-0x0000000001D90000-0x0000000001EC3000-memory.dmp

Filesize
1.2MB

Download
memory/5092-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/5092-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download