123bbf72ffee76928b2ff76f6cc6ae6886037338bf081f97fd40ac3ff95489a8

Analysis

max time kernel
246s
max time network
272s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 22:59

Target

41c5272a3117496b94a25f3915fe4d39.exe
Size

59KB
MD5

41c5272a3117496b94a25f3915fe4d39
SHA1

0a90f63770d729d34de1812e4d480e5fccfec4fc
SHA256

123bbf72ffee76928b2ff76f6cc6ae6886037338bf081f97fd40ac3ff95489a8
SHA512

8cc70282d94934bac9fde678bf68a937e8ca386ccc5f0b775f0ca4231d39f1ac445ad016545c17c3d3bae0760b51cb61a3490fb913f42ede6f1ac579b3d488e9
SSDEEP

1536:mJkYAJVMMyLxsp3oV/AalaKr2rKjMi+AXHMxgi8KZ:me19q9Kuz+Ksnh

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
496	41c5272a3117496b94a25f3915fe4d39.exe

Executes dropped EXE 1 IoCs

pid	Process
496	41c5272a3117496b94a25f3915fe4d39.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3764-0-0x0000000000400000-0x000000000043D000-memory.dmp	upx
behavioral2/memory/496-13-0x0000000000400000-0x000000000043D000-memory.dmp	upx
behavioral2/files/0x000700000002321f-12.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3764	41c5272a3117496b94a25f3915fe4d39.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3764	41c5272a3117496b94a25f3915fe4d39.exe
496	41c5272a3117496b94a25f3915fe4d39.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3764 wrote to memory of 496	3764	41c5272a3117496b94a25f3915fe4d39.exe	94
PID 3764 wrote to memory of 496	3764	41c5272a3117496b94a25f3915fe4d39.exe	94
PID 3764 wrote to memory of 496	3764	41c5272a3117496b94a25f3915fe4d39.exe	94

C:\Users\Admin\AppData\Local\Temp\41c5272a3117496b94a25f3915fe4d39.exe

Filesize
59KB

MD5
ef093e653c438621191054cd99287cf6

SHA1
37f461d1738bf3336b892df5de9066f28e1090d8

SHA256
4b4e249bfeec55de6bc5be73c79a83c398bfcbad30cd3f3448cbe113a221b603

SHA512
7c439555d0696f01c2885aad4c9f86b15857ad9e08b24ab5080ea9fe1c0431275d93763cf4cd356e6b75f2023002aba39365f55e588b878629d408db96f48516

Download Submit
memory/496-13-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/496-15-0x00000000000C0000-0x00000000000CF000-memory.dmp

Filesize
60KB

Download
memory/496-16-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/496-21-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/496-26-0x00000000014C0000-0x00000000014DD000-memory.dmp

Filesize
116KB

Download
memory/496-27-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/3764-0-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/3764-1-0x00000000001B0000-0x00000000001BF000-memory.dmp

Filesize
60KB

Download
memory/3764-2-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/3764-3-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3764-14-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download