cab81b92b10159c61673842d780a4e6bdfb0e1272bf851b61ee25c249744bf25

Analysis

max time kernel
148s
max time network
84s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
05-01-2024 07:45

Target

4323fa4d2c88efdd640cbfba3f3ad758.exe
Size

1.3MB
MD5

4323fa4d2c88efdd640cbfba3f3ad758
SHA1

c989d1e9d136ca6a50d3e779016800567f31e063
SHA256

cab81b92b10159c61673842d780a4e6bdfb0e1272bf851b61ee25c249744bf25
SHA512

e57e8298cee8b2487bdd7d83ed7865f69d4f77da3c39d4019817cca3bef92fa61fc95d542694c733fd522a469ed9f0b406dc321faea1159bf5f7674aca1f899c
SSDEEP

24576:lBI6r1/099WPBISyiPnY+sdXpkmn5/Yxlu1lH5uqjTyikBzmWO:pZ0LNgPap3pYxlufQ6ubBzmf

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
208	4323fa4d2c88efdd640cbfba3f3ad758.exe

Executes dropped EXE 1 IoCs

pid	Process
208	4323fa4d2c88efdd640cbfba3f3ad758.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/5388-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000700000002320f-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
5388	4323fa4d2c88efdd640cbfba3f3ad758.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
5388	4323fa4d2c88efdd640cbfba3f3ad758.exe
208	4323fa4d2c88efdd640cbfba3f3ad758.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5388 wrote to memory of 208	5388	4323fa4d2c88efdd640cbfba3f3ad758.exe	21
PID 5388 wrote to memory of 208	5388	4323fa4d2c88efdd640cbfba3f3ad758.exe	21
PID 5388 wrote to memory of 208	5388	4323fa4d2c88efdd640cbfba3f3ad758.exe	21

C:\Users\Admin\AppData\Local\Temp\4323fa4d2c88efdd640cbfba3f3ad758.exe

Filesize
19KB

MD5
210bc0e57a6c69a3e00deca7c7234521

SHA1
f7da3f07ec1b90a10688a352b1651c53aaf0cb59

SHA256
9c1a9849b3d03eb8d188382f437eda7e40231474e8757e26be53da8eba9241fe

SHA512
5792657b4c2958b6e6e56c268e8b8c0f8bc03bf2c89d29ff8cb32e79ca4838f6895d7dd8b058107c595169fb06d31999b13b7fb9242efdb6d93b60cb787110a1

Download Submit
memory/208-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/208-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/208-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/208-20-0x00000000055F0000-0x000000000581A000-memory.dmp

Filesize
2.2MB

Download
memory/208-13-0x0000000001CF0000-0x0000000001E23000-memory.dmp

Filesize
1.2MB

Download
memory/208-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/5388-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/5388-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/5388-1-0x0000000001CC0000-0x0000000001DF3000-memory.dmp

Filesize
1.2MB

Download
memory/5388-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download