00a18aed439c65fec3ac0b8a7b3360cc64df7791b2cff3e68e4ba01f90ff4951

Analysis

max time kernel
152s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
11/01/2024, 13:15

Target

539e43dd97a3341d54595329e9fbfb21.exe
Size

59KB
MD5

539e43dd97a3341d54595329e9fbfb21
SHA1

267b10b074decd98742c7e9446561ce4622c4b18
SHA256

00a18aed439c65fec3ac0b8a7b3360cc64df7791b2cff3e68e4ba01f90ff4951
SHA512

bd92d76d1135698fb07468287322c669686f121b0ec6605b027f1eef37d95aef3dda86aa2b985b55f42a7d5d106a2c713bda5660f3ecd3e8c29355489d73e2ab
SSDEEP

1536:XP7zOtlwnQCS7snKCcb+qtqSCNSbW2h1JxvLJie:Xiwnh1nRcb+6HCopdvLJie

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
492	539e43dd97a3341d54595329e9fbfb21.exe

Executes dropped EXE 1 IoCs

pid	Process
492	539e43dd97a3341d54595329e9fbfb21.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3800-0-0x0000000000400000-0x000000000043D000-memory.dmp	upx
behavioral2/files/0x000b000000023030-11.dat	upx
behavioral2/memory/492-13-0x0000000000400000-0x000000000043D000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3800	539e43dd97a3341d54595329e9fbfb21.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3800	539e43dd97a3341d54595329e9fbfb21.exe
492	539e43dd97a3341d54595329e9fbfb21.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3800 wrote to memory of 492	3800	539e43dd97a3341d54595329e9fbfb21.exe	91
PID 3800 wrote to memory of 492	3800	539e43dd97a3341d54595329e9fbfb21.exe	91
PID 3800 wrote to memory of 492	3800	539e43dd97a3341d54595329e9fbfb21.exe	91

C:\Users\Admin\AppData\Local\Temp\539e43dd97a3341d54595329e9fbfb21.exe

Filesize
59KB

MD5
d972533189471e4326bb7912cd76248d

SHA1
f779ca5be4c8a1b175a31d66877fc27653f9bfd3

SHA256
6c8457f7d9733e80500c3d6c737036092a2cecee9ce263baf66700357c0c0b45

SHA512
c6944f9c0c228e14aaafa333cfd067b976c853d29ae2ad600b4ac01ddcb3043394921be028916fc767bc7e81c65f5271e01841ef491ab9a3440f8c278e75dd80

Download Submit
memory/492-13-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/492-16-0x00000000000C0000-0x00000000000CF000-memory.dmp

Filesize
60KB

Download
memory/492-14-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/492-20-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/492-22-0x00000000015B0000-0x00000000015CD000-memory.dmp

Filesize
116KB

Download
memory/492-26-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/3800-0-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/3800-1-0x00000000001B0000-0x00000000001BF000-memory.dmp

Filesize
60KB

Download
memory/3800-2-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3800-12-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download