d46b7519480fd60331e5c7323616af272aeab058376f6aa1887d8b43ad09a672

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
14/01/2024, 01:16

Target

59e49e3b038607a14661ac42049e6519.exe
Size

1.3MB
MD5

59e49e3b038607a14661ac42049e6519
SHA1

9e1e61938de8e990ab08f554556f741b564ce881
SHA256

d46b7519480fd60331e5c7323616af272aeab058376f6aa1887d8b43ad09a672
SHA512

39fd896fe5182f9533136f1a0627c1b421661ab2353f763f59fed97029fe136dc6a988f83c0881452284bf385c15e72b3b1ae14e77e73fd4d9a62e26ab3a8dbb
SSDEEP

24576:wO6/42tHC+eKseqqV9iXn8CYjOgcybsPfceRZj0dbFxMR5lb5WO:wO0tHC1KH/WGzcybmfce7jSW5f

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1436	59e49e3b038607a14661ac42049e6519.exe

Executes dropped EXE 1 IoCs

pid	Process
1436	59e49e3b038607a14661ac42049e6519.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/files/0x000e000000023152-11.dat	upx
behavioral2/memory/1436-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/memory/4560-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4560	59e49e3b038607a14661ac42049e6519.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4560	59e49e3b038607a14661ac42049e6519.exe
1436	59e49e3b038607a14661ac42049e6519.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4560 wrote to memory of 1436	4560	59e49e3b038607a14661ac42049e6519.exe	17
PID 4560 wrote to memory of 1436	4560	59e49e3b038607a14661ac42049e6519.exe	17
PID 4560 wrote to memory of 1436	4560	59e49e3b038607a14661ac42049e6519.exe	17

C:\Users\Admin\AppData\Local\Temp\59e49e3b038607a14661ac42049e6519.exe

Filesize
209KB

MD5
ac1a82ebfb464fd3a7a3ea0296f7fa33

SHA1
45a7ed280dce447cd9d0afafa06bc2ef8687b553

SHA256
87b84a7745705560ba332564565c632ba4ac2d252e366aadb9382607ab9876af

SHA512
7285670570f452168845e92a1198ca233b663241d793ad0086aa0e7b22c424fe225c446db49bd4945f8e375667968144eefb2f554bec87ec498a95517b2492d7

Download Submit
memory/1436-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1436-15-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/1436-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1436-21-0x0000000005570000-0x000000000579A000-memory.dmp

Filesize
2.2MB

Download
memory/1436-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1436-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4560-1-0x0000000001D90000-0x0000000001EC3000-memory.dmp

Filesize
1.2MB

Download
memory/4560-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4560-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4560-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download