7e2426a73de5d2ebd20aa3048012b1991effbfc1237ae2ef5a3d903996ac2f02

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13/01/2024, 23:50

Target

59baf5c49316b92306fddbf83cf0c892.exe
Size

56KB
MD5

59baf5c49316b92306fddbf83cf0c892
SHA1

f319e28d3e282a3a2c327ae1802f58df1a55f272
SHA256

7e2426a73de5d2ebd20aa3048012b1991effbfc1237ae2ef5a3d903996ac2f02
SHA512

2ff673bc51b72c6d2cd166d302bcd34bc3436011574c34039eabcdbc2a003e44de6267a7e92946c4b5a1267356c140f383b3e1e76073ca8fdf507d2e13f3f2a8
SSDEEP

1536:Lj2G3F47ZfeXBgnEASnUfu9wio/JooZL:Lu9eX9csob1

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3000	59baf5c49316b92306fddbf83cf0c892.exe

Executes dropped EXE 1 IoCs

pid	Process
3000	59baf5c49316b92306fddbf83cf0c892.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1480-0-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x000c000000023165-11.dat	upx
behavioral2/memory/3000-13-0x0000000000400000-0x000000000043A000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1480	59baf5c49316b92306fddbf83cf0c892.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1480	59baf5c49316b92306fddbf83cf0c892.exe
3000	59baf5c49316b92306fddbf83cf0c892.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1480 wrote to memory of 3000	1480	59baf5c49316b92306fddbf83cf0c892.exe	88
PID 1480 wrote to memory of 3000	1480	59baf5c49316b92306fddbf83cf0c892.exe	88
PID 1480 wrote to memory of 3000	1480	59baf5c49316b92306fddbf83cf0c892.exe	88

C:\Users\Admin\AppData\Local\Temp\59baf5c49316b92306fddbf83cf0c892.exe

Filesize
56KB

MD5
a2a4dfd83675cfbd1c89419deed99749

SHA1
ad98035f84c62117ba1eda02a1cf4d2bd78a11f7

SHA256
0bef91778ed63ef3b39e5feab84d8834ace40154fd0188b23dd72b04b5eddec0

SHA512
4b5e1a99e365f3253bb336ad19ee17842afbbbeb58b46b3a92e89ec78e83b25be158c1739dc382a9f95f72a1b353ca26815de04ee13834742e4e7299fbe67590

Download Submit
memory/1480-0-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1480-1-0x00000000001B0000-0x00000000001BE000-memory.dmp

Filesize
56KB

Download
memory/1480-2-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1480-12-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3000-14-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3000-13-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3000-16-0x00000000000C0000-0x00000000000CE000-memory.dmp

Filesize
56KB

Download
memory/3000-20-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/3000-25-0x00000000014C0000-0x00000000014DB000-memory.dmp

Filesize
108KB

Download
memory/3000-26-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download