e9c5b06dec417ee2ee756035c8cdc026bf3abaeed7ca9ab73b1447f61741c7eb

Analysis

max time kernel
151s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12-01-2024 06:36

Target

55be75e757c49a990900d5a8baedfe1a.exe
Size

1.3MB
MD5

55be75e757c49a990900d5a8baedfe1a
SHA1

b96142abf2220133fe75c86761e482f3f4c22059
SHA256

e9c5b06dec417ee2ee756035c8cdc026bf3abaeed7ca9ab73b1447f61741c7eb
SHA512

5c579bd359747e5ba983c6d02f49f0014eee3d4e405810e777d417e8e03d48e1254856bc228163c215feb09a8ebf584ca0b390e6c6f50288b070e2f8fdf81788
SSDEEP

24576:wwGkyCbfqG2eFOgFpCNJzW1GGKjCy1CyvDKkPSW9hBw59X213U9/9Us:w2vbyLUCH6U/jCy8MGk/wDX2qR9j

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4768	55be75e757c49a990900d5a8baedfe1a.exe

Executes dropped EXE 1 IoCs

pid	Process
4768	55be75e757c49a990900d5a8baedfe1a.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/396-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral2/files/0x0007000000023237-11.dat	upx
behavioral2/memory/4768-13-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
396	55be75e757c49a990900d5a8baedfe1a.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
396	55be75e757c49a990900d5a8baedfe1a.exe
4768	55be75e757c49a990900d5a8baedfe1a.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 396 wrote to memory of 4768	396	55be75e757c49a990900d5a8baedfe1a.exe	90
PID 396 wrote to memory of 4768	396	55be75e757c49a990900d5a8baedfe1a.exe	90
PID 396 wrote to memory of 4768	396	55be75e757c49a990900d5a8baedfe1a.exe	90

C:\Users\Admin\AppData\Local\Temp\55be75e757c49a990900d5a8baedfe1a.exe

Filesize
61KB

MD5
6be325712a70dc8ba0a18994253c32be

SHA1
ead8281fba0ecd1930f339203c3ee3033640bee9

SHA256
0e83c58efa475517f2f29dbfdc1996e80b0b8207129ef738d19532a87dea6c51

SHA512
c1557485b4c07e1f1c2bae927b4af123b3078da4af76e069f343d2f64b538b1e1e8878fd74bffefbc82636ed716c5f9067ed3c67ec47b3bb88a52359c883142c

Download Submit
memory/396-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/396-1-0x0000000001CD0000-0x0000000001E01000-memory.dmp

Filesize
1.2MB

Download
memory/396-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/396-12-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/4768-15-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/4768-14-0x00000000018F0000-0x0000000001A21000-memory.dmp

Filesize
1.2MB

Download
memory/4768-13-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/4768-20-0x0000000005580000-0x00000000057A2000-memory.dmp

Filesize
2.1MB

Download
memory/4768-21-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/4768-27-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download