5fc45f9d446cf5dd8dcc7553e5762acff61a6868a42e00c6a840f6d9dcccf727

Analysis

max time kernel
122s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
18-01-2024 12:45

Target

65676f55a7e69be09c3cfcf9431f2b4b.exe
Size

2.7MB
MD5

65676f55a7e69be09c3cfcf9431f2b4b
SHA1

1e0304627c272f6c36a40f0c78571c6120d3daba
SHA256

5fc45f9d446cf5dd8dcc7553e5762acff61a6868a42e00c6a840f6d9dcccf727
SHA512

eb5accffa74c4d446f7f11d174cc638c5118684b19484c08754f54e8bb163152178e8013b9ed5aea3cad73fffab148288af5f044ed3eb7760cd41be56b2f6696
SSDEEP

49152:8Mhi/PJhXmeSEqEZQIOvnbplhselm+ro2AAZ+4lRzws7qQvxTAemaQkjO8dCRf:8Mhi/PJhWTMVQnbpDlNfZzJws7qcxGkI

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2668	65676f55a7e69be09c3cfcf9431f2b4b.exe

Executes dropped EXE 1 IoCs

pid	Process
2668	65676f55a7e69be09c3cfcf9431f2b4b.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/5104-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/memory/2668-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000700000002304b-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
5104	65676f55a7e69be09c3cfcf9431f2b4b.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
5104	65676f55a7e69be09c3cfcf9431f2b4b.exe
2668	65676f55a7e69be09c3cfcf9431f2b4b.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5104 wrote to memory of 2668	5104	65676f55a7e69be09c3cfcf9431f2b4b.exe	20
PID 5104 wrote to memory of 2668	5104	65676f55a7e69be09c3cfcf9431f2b4b.exe	20
PID 5104 wrote to memory of 2668	5104	65676f55a7e69be09c3cfcf9431f2b4b.exe	20

C:\Users\Admin\AppData\Local\Temp\65676f55a7e69be09c3cfcf9431f2b4b.exe

Filesize
290KB

MD5
ae4796295573dc5fbfb3c85b46efb649

SHA1
804da7154c0ca5511b5342a280d99021b39e74ca

SHA256
ad1bbdf424c6c07a0a632e107323b9b1cc358e8490104f3a2a69279ce5e60f49

SHA512
8629c6449b3754d2a4568e5c169ac5bd02098a1d908733eea7e7dd7be4260f57639987be6bd0e2fab53518bc2e3ff2b4eba4d1b09c7fb3ce47425265892cc831

Download Submit
memory/2668-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2668-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2668-20-0x00000000055A0000-0x00000000057CA000-memory.dmp

Filesize
2.2MB

Download
memory/2668-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2668-15-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/2668-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/5104-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/5104-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/5104-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/5104-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download