8be9ee0d08146cb867639a473ef12780f6cf2d8712312070c5c8b494630ca7ca

Analysis

max time kernel
148s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
15-01-2024 03:34

Target

5c0786d64f38710a76e1ed11224119e6.exe
Size

1.3MB
MD5

5c0786d64f38710a76e1ed11224119e6
SHA1

101c4e03f8b863f20fec2fc28a8843096a06159e
SHA256

8be9ee0d08146cb867639a473ef12780f6cf2d8712312070c5c8b494630ca7ca
SHA512

3d1f661c257fbc70b7abf38e358dab8e5630ba380820ec84e5bd6a647254ee4d73b47c8a614ebb2d0d6d17e1792fd9acd8dec5d8bf47ed696287f5ba7f0f2fbe
SSDEEP

24576:BnTvD2QNT5hu/JFKlQ0sP6HPgjt1ap0sVh/A/JQbbWc:BTvTNTK7KO0O6v8tQprho/Jqbp

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4524	5c0786d64f38710a76e1ed11224119e6.exe

Executes dropped EXE 1 IoCs

pid	Process
4524	5c0786d64f38710a76e1ed11224119e6.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4808-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0007000000023243-11.dat	upx
behavioral2/memory/4524-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4808	5c0786d64f38710a76e1ed11224119e6.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4808	5c0786d64f38710a76e1ed11224119e6.exe
4524	5c0786d64f38710a76e1ed11224119e6.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4808 wrote to memory of 4524	4808	5c0786d64f38710a76e1ed11224119e6.exe	85
PID 4808 wrote to memory of 4524	4808	5c0786d64f38710a76e1ed11224119e6.exe	85
PID 4808 wrote to memory of 4524	4808	5c0786d64f38710a76e1ed11224119e6.exe	85

C:\Users\Admin\AppData\Local\Temp\5c0786d64f38710a76e1ed11224119e6.exe

Filesize
971KB

MD5
7145d3b4f4baf5d3b047e2df9f31420f

SHA1
67487d52d857f497b5b3a0b588a4bf5ed1a817e3

SHA256
5138acb612a3a345d3ba9e143110105de5ba7dad9b6fcaab70ba96e59bfb7628

SHA512
c70534973c79f5aab669a5383681dcf7fc5d4d51c46087b663a5260473edc460a191422ac8a2fb399185cd4a4b6aca6fa842cf95981e5422de1582fff3aebd4e

Download Submit
memory/4524-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4524-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4524-15-0x0000000001D20000-0x0000000001E53000-memory.dmp

Filesize
1.2MB

Download
memory/4524-20-0x0000000005620000-0x000000000584A000-memory.dmp

Filesize
2.2MB

Download
memory/4524-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/4524-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4808-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4808-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/4808-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4808-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download