2a57b02f88facc3eb02f32c7cdffbf7a39470a373adb5f36f9457b4fc3e60679

Analysis

max time kernel
137s
max time network
170s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
10/01/2024, 11:20

Target

506b16214cf7a38fbe82cdd1f1c7c7e0.exe
Size

2.9MB
MD5

506b16214cf7a38fbe82cdd1f1c7c7e0
SHA1

c1b64bc123509d4951f03218e20eb6c38cafb6e5
SHA256

2a57b02f88facc3eb02f32c7cdffbf7a39470a373adb5f36f9457b4fc3e60679
SHA512

443736d817206814f3ddccaa36f50808dd8a8f3318ee22ee9a6ce12d79fe5877aaf5cc44efc8635ebecf16413655dd82a96c2fcef3cac247c2f1e7ce8290d045
SSDEEP

49152:B6yQufKQPfhezRFkZ8sFe1N74NH5HUyNRcUsCVOzetdZJ:Bd/KGfPZNq4HBUCczzM3

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3896	506b16214cf7a38fbe82cdd1f1c7c7e0.exe

Executes dropped EXE 1 IoCs

pid	Process
3896	506b16214cf7a38fbe82cdd1f1c7c7e0.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1800-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000800000001e0ce-11.dat	upx
behavioral2/memory/3896-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1800	506b16214cf7a38fbe82cdd1f1c7c7e0.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1800	506b16214cf7a38fbe82cdd1f1c7c7e0.exe
3896	506b16214cf7a38fbe82cdd1f1c7c7e0.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1800 wrote to memory of 3896	1800	506b16214cf7a38fbe82cdd1f1c7c7e0.exe	91
PID 1800 wrote to memory of 3896	1800	506b16214cf7a38fbe82cdd1f1c7c7e0.exe	91
PID 1800 wrote to memory of 3896	1800	506b16214cf7a38fbe82cdd1f1c7c7e0.exe	91

C:\Users\Admin\AppData\Local\Temp\506b16214cf7a38fbe82cdd1f1c7c7e0.exe

Filesize
2.9MB

MD5
3a7d814e1461b2206a509a81639d9cfa

SHA1
944bf6ac16d0a74bf0a71ddca3cb256fc30f5e3a

SHA256
473b16e3bfd232b1cc8f5dc231c7826e59478f6c2e678fcfe1a96ab571b31738

SHA512
6728ba76976731e4f7858d324c5933b4309a634027679446f8f9268b4dbde692fe7cc5843da710d3f9bf08d938f206267c7009a8fdfa2ac2c88ad381e0822036

Download Submit
memory/1800-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1800-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/1800-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1800-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3896-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3896-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3896-15-0x0000000001CD0000-0x0000000001E03000-memory.dmp

Filesize
1.2MB

Download
memory/3896-20-0x00000000055D0000-0x00000000057FA000-memory.dmp

Filesize
2.2MB

Download
memory/3896-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3896-27-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download