cbc8c39dcacbe346bf08ed604adeb1225efbb1297940bb49197ada3b004a5e46

Analysis

max time kernel
134s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19/01/2024, 18:01

Target

6847d2bcf6b5ba57dedaf2416d7293b0.exe
Size

1.5MB
MD5

6847d2bcf6b5ba57dedaf2416d7293b0
SHA1

08f3d2fc55df7f67cf7fc50bd52bb08f3d623ebc
SHA256

cbc8c39dcacbe346bf08ed604adeb1225efbb1297940bb49197ada3b004a5e46
SHA512

bbb6efc5e1f2461f2f86f7fd57a834784dcf57888f2b19914d31275d206634ad5db9d4e5ec6ada0b4c38a7ce30fe3c91c4af02661a22a1a1ea40b92977dc2a2e
SSDEEP

24576:fKx6+Dsmd09FRhhFCOr5Dwj723yik/IUqcsRzHsmonq6EKWGXACQV9qW:CxPGZZ15D023yFI5pPovWaAd9q

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
5092	6847d2bcf6b5ba57dedaf2416d7293b0.exe

Executes dropped EXE 1 IoCs

pid	Process
5092	6847d2bcf6b5ba57dedaf2416d7293b0.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4820-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0009000000023224-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4820	6847d2bcf6b5ba57dedaf2416d7293b0.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4820	6847d2bcf6b5ba57dedaf2416d7293b0.exe
5092	6847d2bcf6b5ba57dedaf2416d7293b0.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4820 wrote to memory of 5092	4820	6847d2bcf6b5ba57dedaf2416d7293b0.exe	88
PID 4820 wrote to memory of 5092	4820	6847d2bcf6b5ba57dedaf2416d7293b0.exe	88
PID 4820 wrote to memory of 5092	4820	6847d2bcf6b5ba57dedaf2416d7293b0.exe	88

C:\Users\Admin\AppData\Local\Temp\6847d2bcf6b5ba57dedaf2416d7293b0.exe

Filesize
314KB

MD5
d1473be354ff441571295d88179f7972

SHA1
3f5d5be9589a97908a3cb598ec80e0c27f92490a

SHA256
a3d28d7a9c784d31238472ffa90e7fcaff5c374098bda97257842b00352493c4

SHA512
ab10b52c74933a5d784e9821fb5447dcadef56b5372b17032c0e11d64652f2d816bfc9aac687b8d10745eb73687b1f80bf62d59dfb020fe9b059048826553cbe

Download Submit
memory/4820-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4820-1-0x0000000001D00000-0x0000000001E33000-memory.dmp

Filesize
1.2MB

Download
memory/4820-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4820-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/5092-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/5092-16-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/5092-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/5092-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/5092-20-0x0000000005570000-0x000000000579A000-memory.dmp

Filesize
2.2MB

Download
memory/5092-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download