78a68671857959bbed516ee52702a4110cb5cb141c7870d8991e2f218e72bee6

Analysis

max time kernel
148s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22/01/2024, 17:42

Target

6fe9665d90587254c13c4e19b276ccd6.exe
Size

2.7MB
MD5

6fe9665d90587254c13c4e19b276ccd6
SHA1

1184aca76d91cb1e5ce75397879b6f389907ddaa
SHA256

78a68671857959bbed516ee52702a4110cb5cb141c7870d8991e2f218e72bee6
SHA512

ff3d567f79124bc8205cb4dfb82e838b27644d07ac545769e6c72da730e99e5e11ad2170ed93643a27f0d172a0f402a3d5a19816e248a9bfffc9c17a21f6b726
SSDEEP

49152:2SIImL5wcMLbaP1OIzm+9pp/hkR9ktBc1+Q4YdxSChG38bDUggR9t:2um+Ra9OIHpdhkHktBcwQDM2YIDULHt

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1396	6fe9665d90587254c13c4e19b276ccd6.exe

Executes dropped EXE 1 IoCs

pid	Process
1396	6fe9665d90587254c13c4e19b276ccd6.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3112-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral2/files/0x000600000002320c-11.dat	upx
behavioral2/memory/1396-13-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3112	6fe9665d90587254c13c4e19b276ccd6.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3112	6fe9665d90587254c13c4e19b276ccd6.exe
1396	6fe9665d90587254c13c4e19b276ccd6.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3112 wrote to memory of 1396	3112	6fe9665d90587254c13c4e19b276ccd6.exe	87
PID 3112 wrote to memory of 1396	3112	6fe9665d90587254c13c4e19b276ccd6.exe	87
PID 3112 wrote to memory of 1396	3112	6fe9665d90587254c13c4e19b276ccd6.exe	87

C:\Users\Admin\AppData\Local\Temp\6fe9665d90587254c13c4e19b276ccd6.exe

Filesize
2.7MB

MD5
e7c8babbc6e25a78bad74e4b04cd8a6c

SHA1
385f962cb08070a70839563ed929ebcb70fad32f

SHA256
78435cd69a5cb98b1da72238270e36c874154687b26655f0757e7c40c74c66cb

SHA512
4c9550c600832c3660aab9487dadcbe56c112c9511bc67fffe420a5393522ed80291518aead36e61222e8f36df8e7003011a42c8381e1fd0abdf40ea8485615b

Download Submit
memory/1396-13-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1396-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1396-15-0x0000000001C30000-0x0000000001D61000-memory.dmp

Filesize
1.2MB

Download
memory/1396-20-0x0000000005520000-0x0000000005742000-memory.dmp

Filesize
2.1MB

Download
memory/1396-21-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/1396-28-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/3112-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/3112-1-0x0000000001D70000-0x0000000001EA1000-memory.dmp

Filesize
1.2MB

Download
memory/3112-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/3112-12-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download