5e6044fca5984612644d213abd98906fba97bcf1b90c9d1525ecba04494f0951

Analysis

max time kernel
135s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/01/2024, 20:28

Target

75715fc1007b861814022b6da3a9c7c1.exe
Size

1.5MB
MD5

75715fc1007b861814022b6da3a9c7c1
SHA1

f468d0ec2843305460ceb90e0612fbc539354465
SHA256

5e6044fca5984612644d213abd98906fba97bcf1b90c9d1525ecba04494f0951
SHA512

4ef9a3d346b14e94af235d192627aef6e0de465f826d36e5938f997522df4ae4f765e28341354bcc6d0f37f4dfbad168b45031cc09adf684974e8d9703fde6a2
SSDEEP

24576:DT7gOztknm/1oe4QyYOZDfqDuFR/bMUDqiNaVaPgwxaLS4S+uPJwsMsW:DTUOZLa6OsoRDMPikAjx+S4SZhhMs

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4824	75715fc1007b861814022b6da3a9c7c1.exe

Executes dropped EXE 1 IoCs

pid	Process
4824	75715fc1007b861814022b6da3a9c7c1.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4580-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0009000000022480-12.dat	upx
behavioral2/memory/4824-14-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4580	75715fc1007b861814022b6da3a9c7c1.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4580	75715fc1007b861814022b6da3a9c7c1.exe
4824	75715fc1007b861814022b6da3a9c7c1.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4580 wrote to memory of 4824	4580	75715fc1007b861814022b6da3a9c7c1.exe	89
PID 4580 wrote to memory of 4824	4580	75715fc1007b861814022b6da3a9c7c1.exe	89
PID 4580 wrote to memory of 4824	4580	75715fc1007b861814022b6da3a9c7c1.exe	89

C:\Users\Admin\AppData\Local\Temp\75715fc1007b861814022b6da3a9c7c1.exe

Filesize
1.4MB

MD5
6405429d8ac54fd6bb31d8246b114fb4

SHA1
04abe9b1a03a237d0376c6d8ff896054779ec2bb

SHA256
f71ab016968f304e4eafe3f13cde6dc391d00fe3831994bfde911a9761ab537c

SHA512
5f4b64d1a1a092e3d53a83aa6617b6f375716396b73f3d066b1b425a5aad3bcf969def6861c2aae60b1603f29d49e815f239732733e951da6f033c060b34fccf

Download Submit
memory/4580-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4580-2-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/4580-3-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4580-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4824-15-0x0000000001D10000-0x0000000001E43000-memory.dmp

Filesize
1.2MB

Download
memory/4824-14-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4824-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4824-22-0x0000000005610000-0x000000000583A000-memory.dmp

Filesize
2.2MB

Download
memory/4824-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/4824-29-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download