0b0f4872cea385e033d16bb4662afc78ddc4b562a7f2dd1af735af200d0ec2fa

Analysis

max time kernel
144s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
18/01/2024, 17:35

Target

659f99f6b0b8b040af44745600879845.exe
Size

11.7MB
MD5

659f99f6b0b8b040af44745600879845
SHA1

6a45183831f190d00e16285868761f23d268d997
SHA256

0b0f4872cea385e033d16bb4662afc78ddc4b562a7f2dd1af735af200d0ec2fa
SHA512

20ea10d6fe7134f5d52df354c84e15a9f3b1165b03612b9760953a9d5ff95dc727989cac6c6fd82dc40e35456fc45eb9e795517cd06b8f23e9b9790aaf5a74ec
SSDEEP

196608:ls2LVo+lIXXsBl31YQvGeq+xTXsBl31YeEhAiXsBl31YQvGeq+xTXsBl31Y:umBlIXc3hvvzxTc30hAic3hvvzxTc3

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2224	659f99f6b0b8b040af44745600879845.exe

Executes dropped EXE 1 IoCs

pid	Process
2224	659f99f6b0b8b040af44745600879845.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3376-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x00080000000231fb-11.dat	upx
behavioral2/memory/2224-14-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3376	659f99f6b0b8b040af44745600879845.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3376	659f99f6b0b8b040af44745600879845.exe
2224	659f99f6b0b8b040af44745600879845.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3376 wrote to memory of 2224	3376	659f99f6b0b8b040af44745600879845.exe	89
PID 3376 wrote to memory of 2224	3376	659f99f6b0b8b040af44745600879845.exe	89
PID 3376 wrote to memory of 2224	3376	659f99f6b0b8b040af44745600879845.exe	89

C:\Users\Admin\AppData\Local\Temp\659f99f6b0b8b040af44745600879845.exe

Filesize
1.1MB

MD5
9e283ed6ed6b24bbd20d5dabadccae3a

SHA1
b0abf79de18561b04a761ce4090a30465cf8d081

SHA256
17f9893837a2eb6bc3c6c96c577f3ba61ef34023926d5bb1ec362204fb8d10b0

SHA512
f0fb65a32fb07830a830fb8f392add1f0cf65849b7c2846494460867e57f49042e76b4601be61cae2ebd29180df7fc578556e498878460f2d2a1b27fd4695687

Download Submit
memory/2224-14-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2224-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2224-16-0x0000000001BF0000-0x0000000001D23000-memory.dmp

Filesize
1.2MB

Download
memory/2224-20-0x00000000054F0000-0x000000000571A000-memory.dmp

Filesize
2.2MB

Download
memory/2224-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2224-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3376-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3376-1-0x0000000001D00000-0x0000000001E33000-memory.dmp

Filesize
1.2MB

Download
memory/3376-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3376-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download