0917e73cace00aec5b1925aff2be26b750ffa5e0b85357fae674a7197ef08545

Analysis

max time kernel
145s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
18-01-2024 16:11

Target

6576cd124f9e5d320e6567e2702b9d8d.exe
Size

2.9MB
MD5

6576cd124f9e5d320e6567e2702b9d8d
SHA1

cf09d3e6711fc9fbc7b2b9adbc1f11430ed1e6e8
SHA256

0917e73cace00aec5b1925aff2be26b750ffa5e0b85357fae674a7197ef08545
SHA512

d9102e63b3cf71b8fb42f24d8b7dee64b3fc3fa7c2f15104e32bd12e59ecc1eed3b7d6fa42882ec71a7b37eb427bc6d8426cd9d0a1f22fad5e4119e6b0a4fd43
SSDEEP

49152:Lhk4wbh8XNWthzquloPkRaADGWacmNxC8vJ5LqpmFi38XpkMEq4:aVheNWzedsRIWgHC8bLliGSM8

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2332	6576cd124f9e5d320e6567e2702b9d8d.exe

Executes dropped EXE 1 IoCs

pid	Process
2332	6576cd124f9e5d320e6567e2702b9d8d.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4052-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0008000000023233-11.dat	upx
behavioral2/memory/2332-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4052	6576cd124f9e5d320e6567e2702b9d8d.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4052	6576cd124f9e5d320e6567e2702b9d8d.exe
2332	6576cd124f9e5d320e6567e2702b9d8d.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4052 wrote to memory of 2332	4052	6576cd124f9e5d320e6567e2702b9d8d.exe	89
PID 4052 wrote to memory of 2332	4052	6576cd124f9e5d320e6567e2702b9d8d.exe	89
PID 4052 wrote to memory of 2332	4052	6576cd124f9e5d320e6567e2702b9d8d.exe	89

C:\Users\Admin\AppData\Local\Temp\6576cd124f9e5d320e6567e2702b9d8d.exe

Filesize
468KB

MD5
a004457de8c87daefca84204cfb49008

SHA1
d780bd9b8a7cfaaeec621703c9b8700afe791d79

SHA256
d5b36ecccda505b57e6c7890d1f53f35a91ed4869c5a765084647b574c820be4

SHA512
1b21ce84bac6277fed13b9e227a74c1b041c5e6f969a4d5c6e7de7b2fb4714a79b0b1c6994f644ccd7d3332b044226b4b38f2c1bda58ce2289ae190cec6d77eb

Download Submit
memory/2332-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2332-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2332-16-0x0000000001E00000-0x0000000001F33000-memory.dmp

Filesize
1.2MB

Download
memory/2332-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2332-20-0x0000000005700000-0x000000000592A000-memory.dmp

Filesize
2.2MB

Download
memory/2332-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4052-1-0x0000000001D40000-0x0000000001E73000-memory.dmp

Filesize
1.2MB

Download
memory/4052-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4052-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4052-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download