4e80cb07a8359783ebcf6c53d1b42bf39468f2004466b960d97075fa94e4e1dc

Analysis

max time kernel
91s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
21/10/2022, 00:28

Target

4e80cb07a8359783ebcf6c53d1b42bf39468f2004466b960d97075fa94e4e1dc.exe
Size

242KB
MD5

520d8569c7328e72940d9f98d540019e
SHA1

63444616ec994e7d8652c99e02372d766c8485d5
SHA256

4e80cb07a8359783ebcf6c53d1b42bf39468f2004466b960d97075fa94e4e1dc
SHA512

4ced7a7a019420679baafcd537557d04d31e18faa85902767d9490ed8cc6359df80305d0fbf8c0f98d4ac7dd49ea91ab4bbb883b624818ef5545794d74b0315f
SSDEEP

3072:Rmnix/ZtdFgrWZd8nir31KuP7wJE5zCVFXobRNvXK8VivK0U4SSRZc0C:RF5Z/FgKz8ni8uPcZVFmjHEUfA

Score

8^/10

upx

Executes dropped EXE 1 IoCs

pid	Process
4824	mincer.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4964-132-0x0000000000400000-0x000000000043B000-memory.dmp	upx
behavioral2/files/0x000b000000022f28-134.dat	upx
behavioral2/files/0x000b000000022f28-135.dat	upx
behavioral2/memory/4964-136-0x0000000000400000-0x000000000043B000-memory.dmp	upx
behavioral2/memory/4824-137-0x0000000000400000-0x0000000000424A00-memory.dmp	upx
behavioral2/memory/4824-138-0x0000000000400000-0x0000000000424A00-memory.dmp	upx

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\MSWRITE.EXE	mincer.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4964 wrote to memory of 4824	4964	4e80cb07a8359783ebcf6c53d1b42bf39468f2004466b960d97075fa94e4e1dc.exe	82
PID 4964 wrote to memory of 4824	4964	4e80cb07a8359783ebcf6c53d1b42bf39468f2004466b960d97075fa94e4e1dc.exe	82
PID 4964 wrote to memory of 4824	4964	4e80cb07a8359783ebcf6c53d1b42bf39468f2004466b960d97075fa94e4e1dc.exe	82

C:\Users\Admin\AppData\Local\Temp\4e80cb07a8359783ebcf6c53d1b42bf39468f2004466b960d97075fa94e4e1dc.exe
"C:\Users\Admin\AppData\Local\Temp\4e80cb07a8359783ebcf6c53d1b42bf39468f2004466b960d97075fa94e4e1dc.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4964
- C:\Users\Admin\AppData\Local\Temp\mincer.exe
  C:\Users\Admin\AppData\Local\Temp\mincer.exe
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  PID:4824

C:\Users\Admin\AppData\Local\Temp\mincer.exe

Filesize
146KB

MD5
04a3ab68310afac8616071ba1ce2b9cc

SHA1
49fc35dbe80440510425aadc1aff2c686051738f

SHA256
fe69c0e24b0c109bdfdd615e4df74306bebf8dec16c1005c7ab0b562a008d18f

SHA512
c69c1d8f768002350501ddb17b717155e379ab58adca2c20ac57419dd8c5b9364fef4ce179f967479534ee8892e42f2e4a0e5438a1a8426c93e048915f1a0091

Download Submit
C:\Users\Admin\AppData\Local\Temp\mincer.exe

Filesize
146KB

MD5
04a3ab68310afac8616071ba1ce2b9cc

SHA1
49fc35dbe80440510425aadc1aff2c686051738f

SHA256
fe69c0e24b0c109bdfdd615e4df74306bebf8dec16c1005c7ab0b562a008d18f

SHA512
c69c1d8f768002350501ddb17b717155e379ab58adca2c20ac57419dd8c5b9364fef4ce179f967479534ee8892e42f2e4a0e5438a1a8426c93e048915f1a0091

Download Submit
memory/4824-137-0x0000000000400000-0x0000000000424A00-memory.dmp

Filesize
146KB

Download
memory/4824-138-0x0000000000400000-0x0000000000424A00-memory.dmp

Filesize
146KB

Download
memory/4964-132-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/4964-136-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download