9aa2c9715f13a3a1ecc60cd4d8804e5967b141d63fa00506f3acbb2eb5fe6cb3

Analysis

max time kernel
165s
max time network
176s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
11/01/2024, 14:32

Target

53c59c755d74ae9c697e0e189fcdbed5.exe
Size

1.3MB
MD5

53c59c755d74ae9c697e0e189fcdbed5
SHA1

cf190c4b619136a274199c60f4bde455e616fa07
SHA256

9aa2c9715f13a3a1ecc60cd4d8804e5967b141d63fa00506f3acbb2eb5fe6cb3
SHA512

53104ba6dac88b047f8b171dd900ed7a39bde218a0baac6e9fd78a51d93b0aa3e1bbc0cf3c0ed4eb15b8a2421601102bf1fffbf254f40ab5fec1590ea2482973
SSDEEP

24576:/ghFVw/1QAELbDBTzMkY0Bpyj5I/w6vlWnuzy6YMrqc236fCkle88oTBVRRMWO:/caApzMIB4j54VWnoRr5xlz1VRRMf

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2732	53c59c755d74ae9c697e0e189fcdbed5.exe

Executes dropped EXE 1 IoCs

pid	Process
2732	53c59c755d74ae9c697e0e189fcdbed5.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4764-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000200000002268d-11.dat	upx
behavioral2/memory/2732-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4764	53c59c755d74ae9c697e0e189fcdbed5.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4764	53c59c755d74ae9c697e0e189fcdbed5.exe
2732	53c59c755d74ae9c697e0e189fcdbed5.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4764 wrote to memory of 2732	4764	53c59c755d74ae9c697e0e189fcdbed5.exe	91
PID 4764 wrote to memory of 2732	4764	53c59c755d74ae9c697e0e189fcdbed5.exe	91
PID 4764 wrote to memory of 2732	4764	53c59c755d74ae9c697e0e189fcdbed5.exe	91

C:\Users\Admin\AppData\Local\Temp\53c59c755d74ae9c697e0e189fcdbed5.exe

Filesize
1.2MB

MD5
838f808bb1c6c4ecf88ecbe0659242dc

SHA1
94554f8fa6980c52dab6f9b0edd79c74eda308c7

SHA256
2e06b8eac3a2104d0fec0af006db3470c62c544a67370e2c9ed577914902c32a

SHA512
42cdb215dc0bfb99df34088be9bab1e2e3731248594aee1a31d915495107b7d753d8a5f84c800f12f478dcbacb7df125030d62ff6da97d36ace47161e2331ec9

Download Submit
memory/2732-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2732-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2732-15-0x0000000001A30000-0x0000000001B63000-memory.dmp

Filesize
1.2MB

Download
memory/2732-20-0x0000000005690000-0x00000000058BA000-memory.dmp

Filesize
2.2MB

Download
memory/2732-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2732-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4764-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4764-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/4764-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4764-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download