278f480bbd718882ddd07fd76fa8c721b16e7f726865464d45e893dda2bf7231

Analysis

max time kernel
152s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04-01-2024 19:30

Target

41b8f49b116f6fb73ac2af6da1972fe8.exe
Size

2.9MB
MD5

41b8f49b116f6fb73ac2af6da1972fe8
SHA1

beaa8b890aed4395897641b58957817d36678a36
SHA256

278f480bbd718882ddd07fd76fa8c721b16e7f726865464d45e893dda2bf7231
SHA512

48c036859429a93e32020bbed6c321dfc1838d0ef84e7bc1850b228407b0443a9851bb2df79e27780c6832e09e6e9d684cb1e94a6ea4254404d5c903e52e297a
SSDEEP

49152:NLipDd8AUvTvPGoZdYQ+5FizoX/1N74NH5HUyNRcUsCVOzetdZJ:Ne+Tjz/+5FeoP14HBUCczzM3

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3668	41b8f49b116f6fb73ac2af6da1972fe8.exe

Executes dropped EXE 1 IoCs

pid	Process
3668	41b8f49b116f6fb73ac2af6da1972fe8.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3640-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x00070000000231fe-11.dat	upx
behavioral2/memory/3668-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3640	41b8f49b116f6fb73ac2af6da1972fe8.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3640	41b8f49b116f6fb73ac2af6da1972fe8.exe
3668	41b8f49b116f6fb73ac2af6da1972fe8.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3640 wrote to memory of 3668	3640	41b8f49b116f6fb73ac2af6da1972fe8.exe	91
PID 3640 wrote to memory of 3668	3640	41b8f49b116f6fb73ac2af6da1972fe8.exe	91
PID 3640 wrote to memory of 3668	3640	41b8f49b116f6fb73ac2af6da1972fe8.exe	91

C:\Users\Admin\AppData\Local\Temp\41b8f49b116f6fb73ac2af6da1972fe8.exe

Filesize
898KB

MD5
77f258ba77d118468d9037e418b4b3f2

SHA1
67ebfb17007cfd3831869a9994ac771e71dca381

SHA256
20552f880e71b6f70000da0c850c41355202b63fdedb6bcd6aca83e8805078b9

SHA512
223b072199d3c158349a5f25afa984809456eef890d147724a69f37ec9953e1e41d51460fd35599c62a274c0d5a4678f8f5bdcb9d30709fdda0c4e32fc05f87a

Download Submit
memory/3640-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3640-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/3640-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3640-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3668-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3668-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3668-15-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/3668-20-0x00000000056C0000-0x00000000058EA000-memory.dmp

Filesize
2.2MB

Download
memory/3668-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3668-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download