4841e6056a8e0081225ff5ad56f0e20bac46e1e00f93c5ed70fbff9cd93f9a9a

Analysis

max time kernel
204s
max time network
227s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 23:49

Target

4450a5abc48b1b16fd5e892a026c5558.exe
Size

59KB
MD5

4450a5abc48b1b16fd5e892a026c5558
SHA1

83e9d363c93fab06312cd1e24c6bb372e417746f
SHA256

4841e6056a8e0081225ff5ad56f0e20bac46e1e00f93c5ed70fbff9cd93f9a9a
SHA512

af639c2061e028fe99a2556ae8304720f5d8f6a5a61a03b806aa5d461c573e37c96d3f4502d3f6cd75298eee817009a7eeed4b07ff656f1b8c61359dac530554
SSDEEP

1536:AZruOQGX7ofJo0ryzrpQda+YZ1y4BQOFMVy17nEi5m:6y7gr6MnZoJOFMmnEik

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4756	4450a5abc48b1b16fd5e892a026c5558.exe

Executes dropped EXE 1 IoCs

pid	Process
4756	4450a5abc48b1b16fd5e892a026c5558.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4908-0-0x0000000000400000-0x000000000043D000-memory.dmp	upx
behavioral2/files/0x0006000000023224-12.dat	upx
behavioral2/memory/4756-13-0x0000000000400000-0x000000000043D000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4908	4450a5abc48b1b16fd5e892a026c5558.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4908	4450a5abc48b1b16fd5e892a026c5558.exe
4756	4450a5abc48b1b16fd5e892a026c5558.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4908 wrote to memory of 4756	4908	4450a5abc48b1b16fd5e892a026c5558.exe	93
PID 4908 wrote to memory of 4756	4908	4450a5abc48b1b16fd5e892a026c5558.exe	93
PID 4908 wrote to memory of 4756	4908	4450a5abc48b1b16fd5e892a026c5558.exe	93

C:\Users\Admin\AppData\Local\Temp\4450a5abc48b1b16fd5e892a026c5558.exe

Filesize
59KB

MD5
2b156a764530a2ec506b5a8c6e0b83ab

SHA1
b8192c5e2c7d6e6093fe68d6b1c667282bbf06e3

SHA256
09c87b542c245d14761f191f06fb683618619a9d9b9d3a1a4687627e5867827f

SHA512
6ccb3b910989a773474dfdcb7ada4295a9ee0b673b5fbab9ff5dfd80ba3b330460eb5eb6b7bde171dc43c42b8802a2274d94e5c4c8c8f2646922c41c6ffd1f05

Download Submit
memory/4756-13-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/4756-14-0x00000000001A0000-0x00000000001AF000-memory.dmp

Filesize
60KB

Download
memory/4756-15-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4756-21-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/4756-24-0x00000000014C0000-0x00000000014DD000-memory.dmp

Filesize
116KB

Download
memory/4756-27-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/4908-0-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/4908-1-0x00000000001B0000-0x00000000001BF000-memory.dmp

Filesize
60KB

Download
memory/4908-2-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4908-10-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/4908-16-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download