af68a65217f86839997e3e1f57d22b3f186be8bee0a485098403e604985e3904

Analysis

max time kernel
141s
max time network
108s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
06/01/2024, 06:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

458f1cab0e2be7edf7813220bf01eb44.exe
Size

137KB
MD5

458f1cab0e2be7edf7813220bf01eb44
SHA1

5d66b4f89babf9d8f21114bc8b7f220ca5559796
SHA256

af68a65217f86839997e3e1f57d22b3f186be8bee0a485098403e604985e3904
SHA512

b466674b7632bf800c6de842c15ffbed1ae0bae1de5c0ec4155df18e3ffa0a655033c732189c701c06cd32114823901e3ea4ddca9c151d35eb4abd9276eebe55
SSDEEP

3072:Tm1JM1fAk93fBJIZp5NzcFWGQNJp6Ao+Gk9D5K5W7pA/bout:T2MZd93J67zHhXpPGNc7pAzoS

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3276-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/4028-8-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/3276-20-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/4028-22-0x0000000000400000-0x000000000042A000-memory.dmp	upx

Suspicious behavior: RenamesItself 2 IoCs

pid	Process
3276	458f1cab0e2be7edf7813220bf01eb44.exe
4028	cuquouv.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3276 wrote to memory of 4028	3276	458f1cab0e2be7edf7813220bf01eb44.exe	20
PID 3276 wrote to memory of 4028	3276	458f1cab0e2be7edf7813220bf01eb44.exe	20
PID 3276 wrote to memory of 4028	3276	458f1cab0e2be7edf7813220bf01eb44.exe	20

C:\Users\Admin\AppData\Local\Temp\458f1cab0e2be7edf7813220bf01eb44.exe
"C:\Users\Admin\AppData\Local\Temp\458f1cab0e2be7edf7813220bf01eb44.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:3276
- C:\Windows\SysWOW64\cuquouv.exe
  C:\Windows\system32\cuquouv.exe
  2⤵
  - Suspicious behavior: RenamesItself
  PID:4028

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3276-1-0x0000000002570000-0x00000000025A1000-memory.dmp

Filesize
196KB

Download
memory/3276-3-0x0000000002690000-0x0000000002691000-memory.dmp

Filesize
4KB

Download
memory/3276-19-0x0000000002720000-0x0000000002721000-memory.dmp

Filesize
4KB

Download
memory/3276-20-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3276-21-0x0000000002570000-0x00000000025A1000-memory.dmp

Filesize
196KB

Download
memory/3276-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3276-2-0x00000000026A0000-0x00000000026A1000-memory.dmp

Filesize
4KB

Download
memory/3276-7-0x0000000002780000-0x0000000002781000-memory.dmp

Filesize
4KB

Download
memory/3276-4-0x00000000026F0000-0x00000000026F1000-memory.dmp

Filesize
4KB

Download
memory/3276-5-0x0000000002650000-0x0000000002651000-memory.dmp

Filesize
4KB

Download
memory/3276-6-0x0000000002680000-0x0000000002681000-memory.dmp

Filesize
4KB

Download
memory/4028-9-0x0000000000690000-0x00000000006C1000-memory.dmp

Filesize
196KB

Download
memory/4028-14-0x0000000002770000-0x0000000002771000-memory.dmp

Filesize
4KB

Download
memory/4028-8-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4028-11-0x0000000002690000-0x0000000002691000-memory.dmp

Filesize
4KB

Download
memory/4028-12-0x00000000026F0000-0x00000000026F1000-memory.dmp

Filesize
4KB

Download
memory/4028-13-0x0000000002030000-0x0000000002031000-memory.dmp

Filesize
4KB

Download
memory/4028-10-0x00000000026A0000-0x00000000026A1000-memory.dmp

Filesize
4KB

Download
memory/4028-15-0x0000000002760000-0x0000000002761000-memory.dmp

Filesize
4KB

Download
memory/4028-16-0x0000000002680000-0x0000000002681000-memory.dmp

Filesize
4KB

Download
memory/4028-17-0x0000000002780000-0x0000000002781000-memory.dmp

Filesize
4KB

Download
memory/4028-23-0x0000000000690000-0x00000000006C1000-memory.dmp

Filesize
196KB

Download
memory/4028-22-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4028-18-0x0000000002050000-0x0000000002051000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads