7fab6caf09674636863dab788e1e1d2c27e29299d6eac3f534268d28d369d276

Analysis

max time kernel
135s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
19/01/2024, 00:40

Target

6673a39c54943d413cea158f0268542c.exe
Size

5.8MB
MD5

6673a39c54943d413cea158f0268542c
SHA1

56bcbb80a5794885b64f39ca6dcac14d7111970d
SHA256

7fab6caf09674636863dab788e1e1d2c27e29299d6eac3f534268d28d369d276
SHA512

6b3987ec92b172db83167dac7d7cfb0769a8a65630736715d596cbd165439ef44404ec6409f7a53c0a38546304c46d021321a3947c464f15918951b217fa19a3
SSDEEP

98304:rYZkLVts5C+3Hau42c1joCjMPkNwk6lz93Ho+dhWfsQxq4GlxOHau42c1joCjMP3:dtR0auq1jI86d93HYfsQs4Gl2auq1jIH

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2172	6673a39c54943d413cea158f0268542c.exe

Executes dropped EXE 1 IoCs

pid	Process
2172	6673a39c54943d413cea158f0268542c.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3480-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/memory/2172-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000600000001e5df-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3480	6673a39c54943d413cea158f0268542c.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3480	6673a39c54943d413cea158f0268542c.exe
2172	6673a39c54943d413cea158f0268542c.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3480 wrote to memory of 2172	3480	6673a39c54943d413cea158f0268542c.exe	87
PID 3480 wrote to memory of 2172	3480	6673a39c54943d413cea158f0268542c.exe	87
PID 3480 wrote to memory of 2172	3480	6673a39c54943d413cea158f0268542c.exe	87

C:\Users\Admin\AppData\Local\Temp\6673a39c54943d413cea158f0268542c.exe

Filesize
250KB

MD5
201ce9b61fe74c5c98d3b0902809529c

SHA1
edbbef4a59c26f5795a4112dbe5a5ba3b355acbe

SHA256
3dcc9e4ff02ec16bf53d11791641f0ce1246320ae98bd3c5a5b39ce3b4571beb

SHA512
0fda8ff23b53f40cf4442c8cd3c3976caea05ec4239b654050f266b07ffab377af59269e3a7f33a6f24c253bf90713d76df8f664fa4113dd3b800392decb65dc

Download Submit
memory/2172-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2172-15-0x0000000001DA0000-0x0000000001ED3000-memory.dmp

Filesize
1.2MB

Download
memory/2172-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2172-21-0x00000000056A0000-0x00000000058CA000-memory.dmp

Filesize
2.2MB

Download
memory/2172-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2172-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3480-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3480-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/3480-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3480-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download