1685e9c0d620f32eb7345009d8603c173dedfd190f495f8d5b97dff845e2a316

Analysis

max time kernel
149s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
05/01/2024, 00:03

Target

4241fd9e1613662e4bc50b97d239408b.exe
Size

115KB
MD5

4241fd9e1613662e4bc50b97d239408b
SHA1

423fab60adada319b2141be32f7dc73dbef95808
SHA256

1685e9c0d620f32eb7345009d8603c173dedfd190f495f8d5b97dff845e2a316
SHA512

a7d55588f12726ad0f26d87e7829ef9c0daf648b32eb49c5d583c283f68fe4ba40e4ee3c3b4122676130e2d07665d8531440fbb0e1796cf37eed0d27d4a95445
SSDEEP

3072:ytzASOaxRwxHCk5Lnk72yJGx6DCvIxUcnRHRaeWY+:U0SO6SxHpdnJwGcDoI3IY

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1240	4241fd9e1613662e4bc50b97d239408b.exe

Executes dropped EXE 1 IoCs

pid	Process
1240	4241fd9e1613662e4bc50b97d239408b.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/216-0-0x0000000000400000-0x0000000000475000-memory.dmp	upx
behavioral2/memory/1240-15-0x0000000000400000-0x0000000000475000-memory.dmp	upx
behavioral2/files/0x0007000000023039-13.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
216	4241fd9e1613662e4bc50b97d239408b.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
216	4241fd9e1613662e4bc50b97d239408b.exe
1240	4241fd9e1613662e4bc50b97d239408b.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 216 wrote to memory of 1240	216	4241fd9e1613662e4bc50b97d239408b.exe	42
PID 216 wrote to memory of 1240	216	4241fd9e1613662e4bc50b97d239408b.exe	42
PID 216 wrote to memory of 1240	216	4241fd9e1613662e4bc50b97d239408b.exe	42

C:\Users\Admin\AppData\Local\Temp\4241fd9e1613662e4bc50b97d239408b.exe

Filesize
115KB

MD5
4f2c9edc19a89935ac9495c5067ff97e

SHA1
50aa69873761cbc9389785ae78c76eace2946e05

SHA256
c924b6a40e741e2862a1a0e39c5195c983a7a3dd13a9bbd28ed51f0a60db1931

SHA512
ce449fed9ec3049e2a1801f1e81c5c621ab5cb3afe0c2b6dc3dabe7162f760c09627f4cd0dc16128a5d0ddac82a0dfb3a7a91951904670ac9e55932c575a0abb

Download Submit
memory/216-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/216-2-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/216-14-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/216-1-0x00000000001B0000-0x00000000001CD000-memory.dmp

Filesize
116KB

Download
memory/1240-15-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1240-23-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/1240-25-0x00000000014C0000-0x00000000014DD000-memory.dmp

Filesize
116KB

Download
memory/1240-22-0x0000000000190000-0x00000000001AD000-memory.dmp

Filesize
116KB

Download
memory/1240-29-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download