8a84f79b9afe895f0d7bbcdd5ac15416824d1cc188f7005109ee7f462ffd1052

Analysis

max time kernel
141s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13-01-2024 02:42

Target

54acc5065c35f566bb2e493617d7bdd0.exe
Size

1.3MB
MD5

54acc5065c35f566bb2e493617d7bdd0
SHA1

b8f603b04a6b5f90240e3e341a88a55d83ee3e05
SHA256

8a84f79b9afe895f0d7bbcdd5ac15416824d1cc188f7005109ee7f462ffd1052
SHA512

213c98a2792cfb53200c5af98884ce36a57ff10decdcf99b2a291f65b67e403195fb44b0c0d458c949af7cfd75c4e72174ed7f2e1a14bd672868db3900d0c9bb
SSDEEP

24576:akiiBxZxv/TdgugyfYakxJ8hQjX0QeTnlg+J0HOCXU9/9Us:SiBTxhgjAYakD/X0QeqK0GR9j

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2152	54acc5065c35f566bb2e493617d7bdd0.exe

Executes dropped EXE 1 IoCs

pid	Process
2152	54acc5065c35f566bb2e493617d7bdd0.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1040-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral2/files/0x00050000000006e9-11.dat	upx
behavioral2/memory/2152-13-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1040	54acc5065c35f566bb2e493617d7bdd0.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1040	54acc5065c35f566bb2e493617d7bdd0.exe
2152	54acc5065c35f566bb2e493617d7bdd0.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1040 wrote to memory of 2152	1040	54acc5065c35f566bb2e493617d7bdd0.exe	22
PID 1040 wrote to memory of 2152	1040	54acc5065c35f566bb2e493617d7bdd0.exe	22
PID 1040 wrote to memory of 2152	1040	54acc5065c35f566bb2e493617d7bdd0.exe	22

C:\Users\Admin\AppData\Local\Temp\54acc5065c35f566bb2e493617d7bdd0.exe

Filesize
48KB

MD5
334863349cd8b3323bb89508cca4e6a8

SHA1
e591e51a42d5b6e606545bccd34de306ed893d2c

SHA256
542b9389e53c6ad881df977c3466b673189e61a329a38f008dcf0ef187bb1585

SHA512
7de86e162253450a7932ecae91200f560a49031574f9de649c1773e56a97055ccbbc77eaa8a62b1ea94ba36bc53fb2a4bc3954201ca2bbff39710e65c97af3c5

Download Submit
memory/1040-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1040-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1040-1-0x0000000001D20000-0x0000000001E51000-memory.dmp

Filesize
1.2MB

Download
memory/1040-12-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2152-15-0x00000000018F0000-0x0000000001A21000-memory.dmp

Filesize
1.2MB

Download
memory/2152-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2152-13-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2152-20-0x00000000055A0000-0x00000000057C2000-memory.dmp

Filesize
2.1MB

Download
memory/2152-21-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2152-28-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download