207924516bb2662ff59ebaf8e75ae6e4e56434cd651e770bf1b1888638c6d2cf

Analysis

max time kernel
128s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04/01/2024, 09:03

Target

40707b2f2d972c250d8aefc2f116a521.exe
Size

2.9MB
MD5

40707b2f2d972c250d8aefc2f116a521
SHA1

f24501550afb45febb55ec9f3abe87356be74f00
SHA256

207924516bb2662ff59ebaf8e75ae6e4e56434cd651e770bf1b1888638c6d2cf
SHA512

4ce4d3d3a6c76bdd3df1bd40ac8b9a6ef6128525e5492b1f9422d541a42015f9129d249d709447da82c87b775be6031bba4356917b6481a0f69c00ea9e3daca1
SSDEEP

49152:N66zIYAZGCRK0QQf1AvKY9P4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:coHOOSY9gg3gnl/IVUs1jePs

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1592	40707b2f2d972c250d8aefc2f116a521.exe

Executes dropped EXE 1 IoCs

pid	Process
1592	40707b2f2d972c250d8aefc2f116a521.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1508-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000700000002321d-11.dat	upx
behavioral2/memory/1592-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1508	40707b2f2d972c250d8aefc2f116a521.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1508	40707b2f2d972c250d8aefc2f116a521.exe
1592	40707b2f2d972c250d8aefc2f116a521.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1508 wrote to memory of 1592	1508	40707b2f2d972c250d8aefc2f116a521.exe	91
PID 1508 wrote to memory of 1592	1508	40707b2f2d972c250d8aefc2f116a521.exe	91
PID 1508 wrote to memory of 1592	1508	40707b2f2d972c250d8aefc2f116a521.exe	91

C:\Users\Admin\AppData\Local\Temp\40707b2f2d972c250d8aefc2f116a521.exe

Filesize
565KB

MD5
a46b648d169a727ae1bdae56ee6ebc9a

SHA1
e1a327f920805928ccb1aa7820709e84e2c1bb63

SHA256
f70893cfb2f23ba61adc905b452a385bf678482f9f9049570e12a4f64a12e1e0

SHA512
5970eafaae2326a1d723a92345ff7f503451963edd403198c9d5a5fc43bfd46626c745357440bd1a302b4c7d1faa9d75850c91fef5fd24e1bc6165109c26ab0f

Download Submit
memory/1508-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1508-1-0x0000000001D50000-0x0000000001E83000-memory.dmp

Filesize
1.2MB

Download
memory/1508-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1508-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1592-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1592-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1592-14-0x0000000001D10000-0x0000000001E43000-memory.dmp

Filesize
1.2MB

Download
memory/1592-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1592-21-0x0000000005610000-0x000000000583A000-memory.dmp

Filesize
2.2MB

Download
memory/1592-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download