7b947d706fd88ba5f233c8bae604df7e64097f3d8444dc9153927ae19131d1ed

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12/01/2024, 12:06

Target

566aea538eab367ce53b7b729c710348.exe
Size

2.7MB
MD5

566aea538eab367ce53b7b729c710348
SHA1

5c03186b0e39697e763abf4e1f28ff33e823f0cb
SHA256

7b947d706fd88ba5f233c8bae604df7e64097f3d8444dc9153927ae19131d1ed
SHA512

dbba78fdbef86e80f835bcc72adb4726a0768cada2cd65abd86a1f83c9f16aa89b9eea79f66a896e131637072821d5e3c8bfa9e97bb69e466f969e4dacf13695
SSDEEP

49152:Vcg4uGikIjqdy7gs640b14SEpZyE992phGeUR9Uvc3m/MPV3G8C26JY6R1lstNSo:uHuGiZjEyUjRZE+meUHUv38C5hX+Skao

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2012	566aea538eab367ce53b7b729c710348.exe

Executes dropped EXE 1 IoCs

pid	Process
2012	566aea538eab367ce53b7b729c710348.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3552-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral2/files/0x000300000001f45f-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3552	566aea538eab367ce53b7b729c710348.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3552	566aea538eab367ce53b7b729c710348.exe
2012	566aea538eab367ce53b7b729c710348.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3552 wrote to memory of 2012	3552	566aea538eab367ce53b7b729c710348.exe	88
PID 3552 wrote to memory of 2012	3552	566aea538eab367ce53b7b729c710348.exe	88
PID 3552 wrote to memory of 2012	3552	566aea538eab367ce53b7b729c710348.exe	88

C:\Users\Admin\AppData\Local\Temp\566aea538eab367ce53b7b729c710348.exe

Filesize
1.4MB

MD5
2253e026da8d1674feda83b40b365b8c

SHA1
de5fad4cfac6cc6ca3e0a980716a84b906a971b3

SHA256
93b8470c98346a8876f4014651ad0ac3eca88fcc6e78895ba021f30d91197222

SHA512
2daff9621c79fd986068a5d64fb6d10505e8953d3bebe155213c8685cc29ec9fe0fa840a24e73a0098af8962d4e7a3d667dea1859ea8b7cea7d99ff58e62ed0b

Download Submit
memory/2012-16-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2012-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2012-13-0x0000000001CA0000-0x0000000001DD1000-memory.dmp

Filesize
1.2MB

Download
memory/2012-21-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2012-20-0x0000000005590000-0x00000000057B2000-memory.dmp

Filesize
2.1MB

Download
memory/2012-28-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/3552-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/3552-1-0x00000000018F0000-0x0000000001A21000-memory.dmp

Filesize
1.2MB

Download
memory/3552-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/3552-12-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download