f1c872d4cbcc5df703d9c83531adf09adc176bbb7b20a6f44d4dc938fa689614

Analysis

max time kernel
142s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
01/02/2024, 08:45

Target

8671b992da213a51468c3d847faf5d9b.exe
Size

353KB
MD5

8671b992da213a51468c3d847faf5d9b
SHA1

ac236f5552679cfb07c5e52ad32e8ee76058e031
SHA256

f1c872d4cbcc5df703d9c83531adf09adc176bbb7b20a6f44d4dc938fa689614
SHA512

d3b01b4bae0e8d91c5c83bae3b73c9051630918024bad2fa4495fada2d3c398df129f979f4304d8a0f99de462a93870889094833f3187969c38cbdc6e1221115
SSDEEP

6144:9/e1yxwibYgmUO0sQNovhtEHdXveeZe1opHYdxfsLPrPwo+:eewibYFFPvjE9eoYTfmE

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1216	8671b992da213a51468c3d847faf5d9b.exe

Executes dropped EXE 1 IoCs

pid	Process
1216	8671b992da213a51468c3d847faf5d9b.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3516-0-0x0000000000400000-0x00000000004F1000-memory.dmp	upx
behavioral2/memory/1216-14-0x0000000000400000-0x00000000004F1000-memory.dmp	upx
behavioral2/files/0x000600000002324d-13.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3516	8671b992da213a51468c3d847faf5d9b.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3516	8671b992da213a51468c3d847faf5d9b.exe
1216	8671b992da213a51468c3d847faf5d9b.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3516 wrote to memory of 1216	3516	8671b992da213a51468c3d847faf5d9b.exe	75
PID 3516 wrote to memory of 1216	3516	8671b992da213a51468c3d847faf5d9b.exe	75
PID 3516 wrote to memory of 1216	3516	8671b992da213a51468c3d847faf5d9b.exe	75

C:\Users\Admin\AppData\Local\Temp\8671b992da213a51468c3d847faf5d9b.exe

Filesize
59KB

MD5
51b6b730fd5e7689003c30e89abb15db

SHA1
426c6f129884d8da43b779aa0fc762383b5959d5

SHA256
e534025efbba6cc39e2d06a997d34f7be610848109b017aa722453690f6ffa29

SHA512
a35f2592d6fd67851be72184be5218fc39c0b1ee2cffcafa50272b5a8fb85f1f0addb6bb072a473d8bb926aa04b392af40aa6f9fff5b0d316fb2d390b3fae327

Download Submit
memory/1216-14-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download
memory/1216-17-0x0000000001500000-0x0000000001533000-memory.dmp

Filesize
204KB

Download
memory/1216-22-0x0000000001580000-0x00000000015D0000-memory.dmp

Filesize
320KB

Download
memory/1216-21-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1216-15-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/1216-28-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download
memory/3516-0-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download
memory/3516-1-0x0000000001500000-0x0000000001533000-memory.dmp

Filesize
204KB

Download
memory/3516-2-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/3516-12-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download