deb12ee542e8ee85256f476c60031ce04b26d884481b9be3df4479128516df1f

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
14-01-2024 00:54

Target

59d9d3426c38f1cff329800a24cc5430.exe
Size

3.9MB
MD5

59d9d3426c38f1cff329800a24cc5430
SHA1

671254f127858e9c7ff714b4cb12f8c0b8e691a6
SHA256

deb12ee542e8ee85256f476c60031ce04b26d884481b9be3df4479128516df1f
SHA512

b6295a13ede87063e61fce071b288b85d469f81742ab5f70a85499503e5284b618c099dbdf1c0bb7b588e13af56eb1dafeffa55a85e5439c4ab939aa5e707960
SSDEEP

98304:R7kcUldE1UPbMcWEWzvgg3gnl/IVUt4pJWzZtIygg3gnl/IVUV:VkcUldBYjgl/iwgWttJgl/iG

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1128	59d9d3426c38f1cff329800a24cc5430.exe

Executes dropped EXE 1 IoCs

pid	Process
1128	59d9d3426c38f1cff329800a24cc5430.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4104-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000300000001e982-11.dat	upx
behavioral2/memory/1128-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4104	59d9d3426c38f1cff329800a24cc5430.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4104	59d9d3426c38f1cff329800a24cc5430.exe
1128	59d9d3426c38f1cff329800a24cc5430.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4104 wrote to memory of 1128	4104	59d9d3426c38f1cff329800a24cc5430.exe	88
PID 4104 wrote to memory of 1128	4104	59d9d3426c38f1cff329800a24cc5430.exe	88
PID 4104 wrote to memory of 1128	4104	59d9d3426c38f1cff329800a24cc5430.exe	88

C:\Users\Admin\AppData\Local\Temp\59d9d3426c38f1cff329800a24cc5430.exe

Filesize
521KB

MD5
830cb3876f7e93e90b752c18b7f8f812

SHA1
544a7d6670aa1b62e1a01fe71ec4a742ccaa82c1

SHA256
5ea3ae8261ab4d48f23cf294cb7c338e2551abdcfcd580f8131ad22da89ec792

SHA512
f9649af62e7ee598afb22855d3eb4d72ea8106b74b9ae69ba47d07b50eb24478ef4438d7dadd127e5f01f32910f171d4d3c755826d40b9f6e74194f39da12c98

Download Submit
memory/1128-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1128-15-0x0000000001C80000-0x0000000001DB3000-memory.dmp

Filesize
1.2MB

Download
memory/1128-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1128-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1128-22-0x0000000005580000-0x00000000057AA000-memory.dmp

Filesize
2.2MB

Download
memory/1128-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4104-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4104-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/4104-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4104-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download