22fe519c35b0cae7acdfa93a9a3d0b8c9ca5671458997bfa2380182b3629fb23

Analysis

max time kernel
143s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
11/01/2024, 23:31

Target

54e288ae9c337a9332f73d4236690182.exe
Size

2.9MB
MD5

54e288ae9c337a9332f73d4236690182
SHA1

944ee6d5588c5a7b721f1c61a5e606165170b57f
SHA256

22fe519c35b0cae7acdfa93a9a3d0b8c9ca5671458997bfa2380182b3629fb23
SHA512

c54f6b202b21bd311fee10eff7c2de1159d0d6db1bdc72d1a30c50739fddf43c5cb91cbc33d5a2ff121d5192ae76c8984bb42eb50f7e3bc327414878c602d784
SSDEEP

49152:NqIzGKqOYQ+F8V30qr1dddGHShW/CpHfHqUYJsTP4M338dB2IBlGuuDVUsdxxjek:lznjX+aV351ddwgWWfUYgg3gnl/IVUsn

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1292	54e288ae9c337a9332f73d4236690182.exe

Executes dropped EXE 1 IoCs

pid	Process
1292	54e288ae9c337a9332f73d4236690182.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4676-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0007000000023221-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4676	54e288ae9c337a9332f73d4236690182.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4676	54e288ae9c337a9332f73d4236690182.exe
1292	54e288ae9c337a9332f73d4236690182.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4676 wrote to memory of 1292	4676	54e288ae9c337a9332f73d4236690182.exe	88
PID 4676 wrote to memory of 1292	4676	54e288ae9c337a9332f73d4236690182.exe	88
PID 4676 wrote to memory of 1292	4676	54e288ae9c337a9332f73d4236690182.exe	88

C:\Users\Admin\AppData\Local\Temp\54e288ae9c337a9332f73d4236690182.exe

Filesize
1.6MB

MD5
48d8e42857b905acbc7c487b723d986c

SHA1
393c2b26950608384b112e1f4c426cce5cb56a71

SHA256
0282a009bc0b2af733e812750411a5d1057a8581e2426dfa1f56092d6cf312b5

SHA512
62b3efcd9f102d6bd818bbe51cdb8d5e2389ac344badb812838649187b062db6fa8a3d7cc34fd5791ac304a649b7fbda4080199ed5e263883f172ba90ede41d6

Download Submit
memory/1292-14-0x0000000001D30000-0x0000000001E63000-memory.dmp

Filesize
1.2MB

Download
memory/1292-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1292-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1292-20-0x0000000005630000-0x000000000585A000-memory.dmp

Filesize
2.2MB

Download
memory/1292-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1292-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4676-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4676-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/4676-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4676-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download