bc0f4bd0bdd8148776e96d369e12436ce4b8828a3bb60c3b9eb082ba662c19bd

Analysis

max time kernel
151s
max time network
179s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04-01-2024 11:55

Target

40cb4cecad3e64f0f099d4dc888534b1.exe
Size

2.9MB
MD5

40cb4cecad3e64f0f099d4dc888534b1
SHA1

7ffa75834dbb6447d8c4d58c7a1cae578e486ba7
SHA256

bc0f4bd0bdd8148776e96d369e12436ce4b8828a3bb60c3b9eb082ba662c19bd
SHA512

ed7d4106e5098d1ceb6478e61d30506791e6ae5c4fdc2acd22ee63bad2d834d10f5a339a4713d8a6f27eee73c9d194977780ce26911b155cb1d6b264730fe2c6
SSDEEP

49152:fRHeTQKP6bSKBNbk1jErYc2WzryMhpxQqbrsI8OFP4M338dB2IBlGuuDVUsdxxjl:ftmP65BNCjEkc/z2tVPOFgg3gnl/IVU8

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2348	40cb4cecad3e64f0f099d4dc888534b1.exe

Executes dropped EXE 1 IoCs

pid	Process
2348	40cb4cecad3e64f0f099d4dc888534b1.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3252-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000800000001e0ce-11.dat	upx
behavioral2/memory/2348-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3252	40cb4cecad3e64f0f099d4dc888534b1.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3252	40cb4cecad3e64f0f099d4dc888534b1.exe
2348	40cb4cecad3e64f0f099d4dc888534b1.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3252 wrote to memory of 2348	3252	40cb4cecad3e64f0f099d4dc888534b1.exe	93
PID 3252 wrote to memory of 2348	3252	40cb4cecad3e64f0f099d4dc888534b1.exe	93
PID 3252 wrote to memory of 2348	3252	40cb4cecad3e64f0f099d4dc888534b1.exe	93

C:\Users\Admin\AppData\Local\Temp\40cb4cecad3e64f0f099d4dc888534b1.exe

Filesize
2.9MB

MD5
23c03de5e026d7dc622a2977c7e82602

SHA1
bde693fea994d30039281aeb1c44cbcfaea64dbd

SHA256
6edce43671d15d367cf86942ac04b267b757cfd9a7f242ce04d3e6533a87a570

SHA512
0f7e38000f39ece4c5d7865d202b3eb30a3f2f03ce483ab5a52401e3dadc79b543ee1bfac20e702a92851887904516e614b96bcd3747aa6f4f48cb749ae4cbfb

Download Submit
memory/2348-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2348-14-0x0000000001C80000-0x0000000001DB3000-memory.dmp

Filesize
1.2MB

Download
memory/2348-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2348-20-0x0000000005580000-0x00000000057AA000-memory.dmp

Filesize
2.2MB

Download
memory/2348-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2348-27-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3252-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3252-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/3252-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3252-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download