201b840e6fe91725b58d6aee69f18595605113f87923f46c8c841be1a89407cc

Analysis

max time kernel
92s
max time network
121s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25/01/2024, 23:09

Target

75c12614ff1ae373c3af34369c105ef5.exe
Size

1.3MB
MD5

75c12614ff1ae373c3af34369c105ef5
SHA1

7cbb250da20addfa68223eb5a816cb9abf80729a
SHA256

201b840e6fe91725b58d6aee69f18595605113f87923f46c8c841be1a89407cc
SHA512

830e3611ea72d71773e57c665a9072219efde8122efb0e56235eef5d4d44229e427c5f481966984823c61de38984091ae0d6ef61034e665341120c89f15dbdc7
SSDEEP

24576:wwPDtpl2qLWWMpfoXaVCPuuFD+xrLfuZNBMk/IzwJQFIG33fgazUkYPpyn2csq+p:ww7tplv+/iTV+xrLfuZ4mIzwJQFI+345

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
412	75c12614ff1ae373c3af34369c105ef5.exe

Executes dropped EXE 1 IoCs

pid	Process
412	75c12614ff1ae373c3af34369c105ef5.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4192-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x00070000000231e0-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4192	75c12614ff1ae373c3af34369c105ef5.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4192	75c12614ff1ae373c3af34369c105ef5.exe
412	75c12614ff1ae373c3af34369c105ef5.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4192 wrote to memory of 412	4192	75c12614ff1ae373c3af34369c105ef5.exe	84
PID 4192 wrote to memory of 412	4192	75c12614ff1ae373c3af34369c105ef5.exe	84
PID 4192 wrote to memory of 412	4192	75c12614ff1ae373c3af34369c105ef5.exe	84

C:\Users\Admin\AppData\Local\Temp\75c12614ff1ae373c3af34369c105ef5.exe

Filesize
113KB

MD5
ddcc404bd27512e13491eff23b469bc7

SHA1
68059505bb80ae1bfaab9c644eb0e67041ca8678

SHA256
ec7549cf9b1e2ced37f0b80fd4515707c35bbc7d3542eeab68a3f6d04dd71594

SHA512
2c4002c6caf730eb77d76aa2e1f1c45836cf970de3fd5c5fe311fb93da8d234ad36cff2afa2ee60d736568cbff5b9b565159eb117fa3ba904aaa58c7d16c90c0

Download Submit
memory/412-14-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/412-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/412-15-0x0000000001D10000-0x0000000001E43000-memory.dmp

Filesize
1.2MB

Download
memory/412-22-0x0000000005610000-0x000000000583A000-memory.dmp

Filesize
2.2MB

Download
memory/412-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/412-29-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4192-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4192-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4192-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/4192-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download