042bb32ab612d4181e7ab7da4b4ebafd57168a3a38f6e6304d8ae61e9ecd05b4

Analysis

max time kernel
145s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
10/01/2024, 20:39

Target

51900ec709509b977c90bc573fe2439c.exe
Size

1.5MB
MD5

51900ec709509b977c90bc573fe2439c
SHA1

9e0868c179daec55f2c4626483bb88939406cb88
SHA256

042bb32ab612d4181e7ab7da4b4ebafd57168a3a38f6e6304d8ae61e9ecd05b4
SHA512

8e17c024b48bc68a8804e8676578891f4026bcd40a06cad3d30eb0cc94244d74f9dfaf4ef74d210a79f7fcf11d520d679bdb9a3c60f9700bf87adf2e9148b319
SSDEEP

24576:Cpwve10TS75+JqcqAxvoOCQU7z3chkfm5i5HjbW:Ch10j2NH3TYi5n

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2712	51900ec709509b977c90bc573fe2439c.exe

Executes dropped EXE 1 IoCs

pid	Process
2712	51900ec709509b977c90bc573fe2439c.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2064-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000400000001e630-11.dat	upx
behavioral2/memory/2712-14-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2064	51900ec709509b977c90bc573fe2439c.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2064	51900ec709509b977c90bc573fe2439c.exe
2712	51900ec709509b977c90bc573fe2439c.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2064 wrote to memory of 2712	2064	51900ec709509b977c90bc573fe2439c.exe	87
PID 2064 wrote to memory of 2712	2064	51900ec709509b977c90bc573fe2439c.exe	87
PID 2064 wrote to memory of 2712	2064	51900ec709509b977c90bc573fe2439c.exe	87

C:\Users\Admin\AppData\Local\Temp\51900ec709509b977c90bc573fe2439c.exe

Filesize
1.3MB

MD5
35558550581a8ed55f4e4cf72bd2ca15

SHA1
a33767dcde7df0cf0becc88dfac432f596df8218

SHA256
be00d42b5fc523243c3cb1cd1c99bcc7548d66aea4b6b6a9c63395ae896cc42b

SHA512
615563bceef10b5fc205d703d66b97137e7b1092bfb01de265a98a055bc6e4c8e266bcf77d3c5417f73ae361ad6f75033a8b5845a252116995521bb69d4764d3

Download Submit
memory/2064-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2064-1-0x0000000001C60000-0x0000000001D93000-memory.dmp

Filesize
1.2MB

Download
memory/2064-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2064-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2712-14-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2712-16-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/2712-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2712-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2712-23-0x0000000005540000-0x000000000576A000-memory.dmp

Filesize
2.2MB

Download
memory/2712-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download