f8554ded100f53d52d5fcd95c55320bbbc5a2b3f2498f6d6459065e96db28e16

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05/03/2024, 23:02

Target

b5e144ed5987ed8da70b4e727c916714.exe
Size

353KB
MD5

b5e144ed5987ed8da70b4e727c916714
SHA1

30b7c513837542e151f608ad1956c6f0b0741b56
SHA256

f8554ded100f53d52d5fcd95c55320bbbc5a2b3f2498f6d6459065e96db28e16
SHA512

7ac4d29e5c593e7d716cff817619de19c8847c371405fbb0e850509fb9b73d50c4402eef8803d44f32454cd3d44cd13827ad19e6527fd840e622443697ce1025
SSDEEP

6144:OKg7aISAn0WhIkpdIBVeCPiyMYdxfsLPrPwo+:OxkQMi5YTfmE

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2128	b5e144ed5987ed8da70b4e727c916714.exe

Executes dropped EXE 1 IoCs

pid	Process
2128	b5e144ed5987ed8da70b4e727c916714.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4468-0-0x0000000000400000-0x00000000004F1000-memory.dmp	upx
behavioral2/files/0x0007000000023244-12.dat	upx
behavioral2/memory/2128-14-0x0000000000400000-0x00000000004F1000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4468	b5e144ed5987ed8da70b4e727c916714.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4468	b5e144ed5987ed8da70b4e727c916714.exe
2128	b5e144ed5987ed8da70b4e727c916714.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4468 wrote to memory of 2128	4468	b5e144ed5987ed8da70b4e727c916714.exe	88
PID 4468 wrote to memory of 2128	4468	b5e144ed5987ed8da70b4e727c916714.exe	88
PID 4468 wrote to memory of 2128	4468	b5e144ed5987ed8da70b4e727c916714.exe	88

C:\Users\Admin\AppData\Local\Temp\b5e144ed5987ed8da70b4e727c916714.exe

Filesize
353KB

MD5
7bfad8a7e52d25c90386d707549689b3

SHA1
1c96ce4eef300f4ea13edfb13684719c4376e68e

SHA256
b1f0d386c8eeee1df850ab78e9052fa7d08ca2f06a47226c1cfdc69e372a4352

SHA512
47f8f7e2cc2a1ae14d0208ed029d5e478bb4b03f59bff066d4f7fe9a0eb944649f0d4f3970f81e55105e5f83ad3b1118f11b409a8e1cf131181de5c78c87ef45

Download Submit
memory/2128-14-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download
memory/2128-16-0x0000000001500000-0x0000000001533000-memory.dmp

Filesize
204KB

Download
memory/2128-15-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/2128-21-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2128-23-0x0000000001580000-0x00000000015D0000-memory.dmp

Filesize
320KB

Download
memory/2128-28-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download
memory/4468-0-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download
memory/4468-1-0x0000000000190000-0x00000000001C3000-memory.dmp

Filesize
204KB

Download
memory/4468-2-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/4468-13-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download