cc0aa58e9e6f25f0d0a3f7a4f6ec237f7d627dd20244f6b379908ac8ad85c74c

Analysis

max time kernel
143s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
18/01/2024, 05:15

Target

648f55eb3b697a2e2cda6d458e65ec38.exe
Size

2.9MB
MD5

648f55eb3b697a2e2cda6d458e65ec38
SHA1

57190c8424cf63ed73fa63d3b08ca2f70e1554ba
SHA256

cc0aa58e9e6f25f0d0a3f7a4f6ec237f7d627dd20244f6b379908ac8ad85c74c
SHA512

614254feb802e64ba8acb9bfd35033d8ff7c404f75ddfd2cc62f82b9788e450e9e756b3adfe13527fa7de9dc9c0bdc73a9e5694910e012327842c912a89cc0d5
SSDEEP

49152:yfOn4yCLqm2MDmCO2E5NwVfXalP4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:z4pLql45W5yxQgg3gnl/IVUs1jePs

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4568	648f55eb3b697a2e2cda6d458e65ec38.exe

Executes dropped EXE 1 IoCs

pid	Process
4568	648f55eb3b697a2e2cda6d458e65ec38.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/652-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0007000000023225-11.dat	upx
behavioral2/memory/4568-12-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
652	648f55eb3b697a2e2cda6d458e65ec38.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
652	648f55eb3b697a2e2cda6d458e65ec38.exe
4568	648f55eb3b697a2e2cda6d458e65ec38.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 652 wrote to memory of 4568	652	648f55eb3b697a2e2cda6d458e65ec38.exe	87
PID 652 wrote to memory of 4568	652	648f55eb3b697a2e2cda6d458e65ec38.exe	87
PID 652 wrote to memory of 4568	652	648f55eb3b697a2e2cda6d458e65ec38.exe	87

C:\Users\Admin\AppData\Local\Temp\648f55eb3b697a2e2cda6d458e65ec38.exe

Filesize
1.2MB

MD5
de549fce032bd3ee5fe59eacc5fcec93

SHA1
1cf1abbeab06bec3c3de74ceecd3f370ba826db3

SHA256
fd46504f70859ca601406dab5ca30b78f427102bd5f6f63028a064f1e236c1f9

SHA512
4d23a7a0e56c6873949f24565955b2194dff20fd0573ac53dc692b3d5cc6821388bab1f1bcfd14166b25f9907ff9ec717756286a59c2d0fbfd30b973a0360b45

Download Submit
memory/652-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/652-1-0x0000000001DB0000-0x0000000001EE3000-memory.dmp

Filesize
1.2MB

Download
memory/652-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/652-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4568-12-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4568-14-0x0000000001D40000-0x0000000001E73000-memory.dmp

Filesize
1.2MB

Download
memory/4568-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4568-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/4568-21-0x0000000005640000-0x000000000586A000-memory.dmp

Filesize
2.2MB

Download
memory/4568-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download