f3abcee62eabdf75efa04202f6d322a0ebeff5a3ec7e3a5aa7a0dfb3c1e07258

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12-01-2024 20:01

Target

5760965dbc491768599a0f4a300850b6.exe
Size

2.7MB
MD5

5760965dbc491768599a0f4a300850b6
SHA1

c2fe02d0e49a6d42ca8a1fbba35899aa3c710c06
SHA256

f3abcee62eabdf75efa04202f6d322a0ebeff5a3ec7e3a5aa7a0dfb3c1e07258
SHA512

2c5ae07da32fc0887f25379cd319bcfb5130eb5b0c0aa18e8221c5da544a32fd3f57c9bf99b0bab0783e8b8bbe11b3fff318903e76d1bc08325c0abcbafc747e
SSDEEP

49152:HZRtN+WELlMP3GbQbgnnR9ktBc1+Q4YdxSChG38bDUggR9t:HfhELl+WFnHktBcwQDM2YIDULHt

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1152	5760965dbc491768599a0f4a300850b6.exe

Executes dropped EXE 1 IoCs

pid	Process
1152	5760965dbc491768599a0f4a300850b6.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3644-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral2/files/0x000200000001fafe-11.dat	upx
behavioral2/memory/1152-13-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3644	5760965dbc491768599a0f4a300850b6.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3644	5760965dbc491768599a0f4a300850b6.exe
1152	5760965dbc491768599a0f4a300850b6.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3644 wrote to memory of 1152	3644	5760965dbc491768599a0f4a300850b6.exe	89
PID 3644 wrote to memory of 1152	3644	5760965dbc491768599a0f4a300850b6.exe	89
PID 3644 wrote to memory of 1152	3644	5760965dbc491768599a0f4a300850b6.exe	89

C:\Users\Admin\AppData\Local\Temp\5760965dbc491768599a0f4a300850b6.exe

Filesize
1.3MB

MD5
f00daa8c778d6c433bd26cea50aa2712

SHA1
058d74494c4e5c63b1b0a2c201f87ecdad99d2da

SHA256
19eecef80c67230e919325cfab90d9f8d4e561578aba50b643a7e99a0d7e3ccb

SHA512
5e8db2b61181402ca0aa2565d7d42c6545b994caaab37df757fcec723587a43d5876635c01de7e0b6f5ff5300953c63111c69606dd18ab3dce3bd03d21009e5f

Download Submit
memory/1152-13-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1152-15-0x0000000001CF0000-0x0000000001E21000-memory.dmp

Filesize
1.2MB

Download
memory/1152-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1152-20-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/1152-22-0x00000000055E0000-0x0000000005802000-memory.dmp

Filesize
2.1MB

Download
memory/1152-28-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/3644-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/3644-1-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/3644-2-0x0000000001CF0000-0x0000000001E21000-memory.dmp

Filesize
1.2MB

Download
memory/3644-12-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download