fb41d97640d9221ff05bc607a06914a8a0a23fff900379913ddbf47de5363b01

Analysis

max time kernel
149s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
14/01/2024, 11:01

Target

5b1170fd534bb85ae72a7e36675ca94e.exe
Size

5.8MB
MD5

5b1170fd534bb85ae72a7e36675ca94e
SHA1

faf8984114d756d40c0eabd3affd46a78e5dfe29
SHA256

fb41d97640d9221ff05bc607a06914a8a0a23fff900379913ddbf47de5363b01
SHA512

a42cdee98a7f0564a14077ce5daa7d550326f12558069b82b7d4de7fd20a43762d5495ebd12766d33af49a0f91f70bb294e56c7f56d84b03c66d1f4ee7571581
SSDEEP

98304:g2vTn7BUb2mN64HBUCczzM30z9GZJ0sWzV8Pe4HBUCczzM3:gCfoZWCKg+jVOWC

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1956	5b1170fd534bb85ae72a7e36675ca94e.exe

Executes dropped EXE 1 IoCs

pid	Process
1956	5b1170fd534bb85ae72a7e36675ca94e.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1928-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0006000000023227-11.dat	upx
behavioral2/memory/1956-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1928	5b1170fd534bb85ae72a7e36675ca94e.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1928	5b1170fd534bb85ae72a7e36675ca94e.exe
1956	5b1170fd534bb85ae72a7e36675ca94e.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1928 wrote to memory of 1956	1928	5b1170fd534bb85ae72a7e36675ca94e.exe	67
PID 1928 wrote to memory of 1956	1928	5b1170fd534bb85ae72a7e36675ca94e.exe	67
PID 1928 wrote to memory of 1956	1928	5b1170fd534bb85ae72a7e36675ca94e.exe	67

C:\Users\Admin\AppData\Local\Temp\5b1170fd534bb85ae72a7e36675ca94e.exe

Filesize
149KB

MD5
eae283157f4359572ceef322a7bdc714

SHA1
815894b4a34557c91a41435d6837d76e82dde8dd

SHA256
363e3e3f971cff3dfbbcda75d27eeee7a71d5b52d4b0987a556dfbd15c1d724f

SHA512
d3e606605518ee675a620b8a2805b147bd66d8ca0e8ae9f9897f3edc4b5ab6cf5af518dac257e54025a8fbbbea990bb0bcc4c27e3f93e282a11dfe644e42cbd1

Download Submit
memory/1928-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1928-1-0x0000000001D50000-0x0000000001E83000-memory.dmp

Filesize
1.2MB

Download
memory/1928-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1928-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1956-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1956-15-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/1956-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1956-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1956-20-0x00000000055B0000-0x00000000057DA000-memory.dmp

Filesize
2.2MB

Download
memory/1956-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download