8b4da6d51f56b01dc71cb1d72f2d9abab21a96fcc2b435bacd074d52aafa802b

Analysis

max time kernel
156s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
11/01/2024, 14:05

Target

53b6e105a8f47c137d1ea586a06903ec.exe
Size

2.7MB
MD5

53b6e105a8f47c137d1ea586a06903ec
SHA1

7cb3cb184cc4c6129a4aa0525cff024741573c76
SHA256

8b4da6d51f56b01dc71cb1d72f2d9abab21a96fcc2b435bacd074d52aafa802b
SHA512

f74974426a98a38223c808178d4a32d9d3cadfe9c162b54898e1143d8a52397622cc7c1802a6418bc296d7344aa8b6c06c81f8e763142e23bffb30c6240a9633
SSDEEP

49152:DQsSNH1JXrjVgpwDNO3KXHlPb97VZAB5R9wFZwbIQtpEoRZjDypS0O1I0OKqR9j:DQhNHj6EOaHlB5iPHMURZ7t1qHj

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2032	53b6e105a8f47c137d1ea586a06903ec.exe

Executes dropped EXE 1 IoCs

pid	Process
2032	53b6e105a8f47c137d1ea586a06903ec.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2676-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral2/files/0x000700000002321e-12.dat	upx
behavioral2/memory/2032-14-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2676	53b6e105a8f47c137d1ea586a06903ec.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2676	53b6e105a8f47c137d1ea586a06903ec.exe
2032	53b6e105a8f47c137d1ea586a06903ec.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2676 wrote to memory of 2032	2676	53b6e105a8f47c137d1ea586a06903ec.exe	88
PID 2676 wrote to memory of 2032	2676	53b6e105a8f47c137d1ea586a06903ec.exe	88
PID 2676 wrote to memory of 2032	2676	53b6e105a8f47c137d1ea586a06903ec.exe	88

C:\Users\Admin\AppData\Local\Temp\53b6e105a8f47c137d1ea586a06903ec.exe

Filesize
1.6MB

MD5
94c6c22521596a149d7dbdb946181638

SHA1
6714189262eed0ad5252ca68b483e859e20b52b4

SHA256
20ff448e28630a89fb49f2b036cdc16c1fbc75defe802ff3fbe7a2eb97316741

SHA512
eca4c8cfb7c8aba966626c688b980aef96c2df6dd2d6248cf58faeaf3bc3dc64f1b756f8fdfd5cf9e8f404a13a17e575ac64c13185ab6c941abed2927b3383a8

Download Submit
memory/2032-14-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2032-15-0x0000000001DA0000-0x0000000001ED1000-memory.dmp

Filesize
1.2MB

Download
memory/2032-16-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2032-21-0x0000000005690000-0x00000000058B2000-memory.dmp

Filesize
2.1MB

Download
memory/2032-22-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2032-29-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2676-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2676-1-0x00000000018F0000-0x0000000001A21000-memory.dmp

Filesize
1.2MB

Download
memory/2676-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2676-13-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download