3947da3f6396cc14fd47521312ad46d5afd93b711c05f1f2952e3f691a3e795b

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26-12-2023 01:09

Target

48188d02df997cc3856af968280206e2.exe
Size

353KB
MD5

48188d02df997cc3856af968280206e2
SHA1

4571de51678ed4403d378bb48a05ba5e05fe99e8
SHA256

3947da3f6396cc14fd47521312ad46d5afd93b711c05f1f2952e3f691a3e795b
SHA512

0f4de1848d20cbb655e92721e5647f9fe9e68ef2a69fa40d1828f9fcd7b9d1b867dff3ee1085e2d2c39593b2c9d9857f99c6113053c10b00d7bda08a790fa648
SSDEEP

6144:Y8TVl/60L6dxJfnITw7zKivUhIYE+1Xjq9YdxfsLPrPwo+:Y8/y0L6dxVa/hIYEoTq9YTfmE

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4572	48188d02df997cc3856af968280206e2.exe

Executes dropped EXE 1 IoCs

pid	Process
4572	48188d02df997cc3856af968280206e2.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1848-0-0x0000000000400000-0x00000000004F1000-memory.dmp	upx
behavioral2/files/0x0007000000023221-12.dat	upx
behavioral2/memory/4572-13-0x0000000000400000-0x00000000004F1000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1848	48188d02df997cc3856af968280206e2.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1848	48188d02df997cc3856af968280206e2.exe
4572	48188d02df997cc3856af968280206e2.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1848 wrote to memory of 4572	1848	48188d02df997cc3856af968280206e2.exe	91
PID 1848 wrote to memory of 4572	1848	48188d02df997cc3856af968280206e2.exe	91
PID 1848 wrote to memory of 4572	1848	48188d02df997cc3856af968280206e2.exe	91

C:\Users\Admin\AppData\Local\Temp\48188d02df997cc3856af968280206e2.exe

Filesize
353KB

MD5
1222d87b2fc590f968ebc0e639379a22

SHA1
3d985cf3b6ccec9daeb9ec69a591701a60b79b9b

SHA256
87d48a1f3a9a2f2b9e06af0d1aa28a3ae1bac6eac5642bedbb0e63b6a11c15cd

SHA512
aca2bb1c76b61a8cfd3c57952976530c8a2a9d85031a43daef181564327e9e6fd3b7eab2d3e4c959c1b5b9139871d5e4bb02bbeb46758f6433b7f86e5448d557

Download Submit
memory/1848-0-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download
memory/1848-1-0x0000000001660000-0x0000000001693000-memory.dmp

Filesize
204KB

Download
memory/1848-2-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/1848-14-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/4572-13-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download
memory/4572-15-0x0000000001620000-0x0000000001653000-memory.dmp

Filesize
204KB

Download
memory/4572-27-0x0000000004E50000-0x0000000004EA0000-memory.dmp

Filesize
320KB

Download
memory/4572-21-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4572-16-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/4572-28-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download