162368b52fa91fa1f232396a2a33aa09ded1625ad7fa0b554da21ebef6a5925a

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13/01/2024, 07:33

Target

58583eab1f1ecbde2023e96474aac5ab.exe
Size

11.7MB
MD5

58583eab1f1ecbde2023e96474aac5ab
SHA1

252241bd631c295da93d9421802f4c30805b1c53
SHA256

162368b52fa91fa1f232396a2a33aa09ded1625ad7fa0b554da21ebef6a5925a
SHA512

56dc0cea611228396839f957ddbeab5edab80fad6784465e698dacabb30696b45124e7591f128054cc695df74e103e4e7050b47ee83fb25dc5920baa9c5d9af3
SSDEEP

98304:pZcmHYqJVN4HBUCczzM3DqNBYWOPUXf4HBUCczzM3i/j3zdtKnKXR4HBUCczzM31:pOSYqcWCnqstMXwWC0j4WCnqstMXwWC

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3320	58583eab1f1ecbde2023e96474aac5ab.exe

Executes dropped EXE 1 IoCs

pid	Process
3320	58583eab1f1ecbde2023e96474aac5ab.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/852-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000b00000002315f-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
852	58583eab1f1ecbde2023e96474aac5ab.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
852	58583eab1f1ecbde2023e96474aac5ab.exe
3320	58583eab1f1ecbde2023e96474aac5ab.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 852 wrote to memory of 3320	852	58583eab1f1ecbde2023e96474aac5ab.exe	90
PID 852 wrote to memory of 3320	852	58583eab1f1ecbde2023e96474aac5ab.exe	90
PID 852 wrote to memory of 3320	852	58583eab1f1ecbde2023e96474aac5ab.exe	90

C:\Users\Admin\AppData\Local\Temp\58583eab1f1ecbde2023e96474aac5ab.exe

Filesize
641KB

MD5
b43e384bc183f61be80c96aa53dd5d81

SHA1
8756ada17594801bb272570a545240b8ad62bbcf

SHA256
58b55423b9cde5e3787573ed9d6ca1d656405a0f3469cbc44c9c3bc89d716626

SHA512
74a25394c04e325c0e3c638ac35f63da53c9b7dbef30d67be524958e27d21c4bd139be19a59e6e9c8626cf17277cc3ac6026c8abb5f2aa3bb29d4a6b03206f8e

Download Submit
memory/852-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/852-1-0x0000000001D20000-0x0000000001E53000-memory.dmp

Filesize
1.2MB

Download
memory/852-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/852-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3320-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3320-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3320-21-0x0000000005710000-0x000000000593A000-memory.dmp

Filesize
2.2MB

Download
memory/3320-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3320-13-0x0000000001E10000-0x0000000001F43000-memory.dmp

Filesize
1.2MB

Download
memory/3320-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download