b61d3f02d615b46f1911fb2cb2b2f32070f96a304aea95824da8ccf3ad5b3c49

Analysis

max time kernel
142s
max time network
174s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
07/01/2024, 01:29

Target

47ac9c3df3f26bdf6e45a018617237a8.exe
Size

5.8MB
MD5

47ac9c3df3f26bdf6e45a018617237a8
SHA1

465095108b37f9b29a64ec334704f74009870c62
SHA256

b61d3f02d615b46f1911fb2cb2b2f32070f96a304aea95824da8ccf3ad5b3c49
SHA512

65c750b689f673aea2287491bd2347da35cb400af2b95e3e19bd4fc4bf80faa7364960e4eac88ab1394930f0f4c7192677e8470b0f7fb6026f877a6f6c5a1d8e
SSDEEP

98304:HRoQOK5/6udHgg3gnl/IVUs1jePsct6IRhuzngg3gnl/IVUs1jePs:HRoQ1/Dgl/iBiPTnsgl/iBiP

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4704	47ac9c3df3f26bdf6e45a018617237a8.exe

Executes dropped EXE 1 IoCs

pid	Process
4704	47ac9c3df3f26bdf6e45a018617237a8.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3860-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0009000000022480-11.dat	upx
behavioral2/memory/4704-14-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3860	47ac9c3df3f26bdf6e45a018617237a8.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3860	47ac9c3df3f26bdf6e45a018617237a8.exe
4704	47ac9c3df3f26bdf6e45a018617237a8.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3860 wrote to memory of 4704	3860	47ac9c3df3f26bdf6e45a018617237a8.exe	90
PID 3860 wrote to memory of 4704	3860	47ac9c3df3f26bdf6e45a018617237a8.exe	90
PID 3860 wrote to memory of 4704	3860	47ac9c3df3f26bdf6e45a018617237a8.exe	90

C:\Users\Admin\AppData\Local\Temp\47ac9c3df3f26bdf6e45a018617237a8.exe

Filesize
1.3MB

MD5
415cc0a450a2ee026d00cf6c73e81953

SHA1
50414f5f65f8c2a4c0680d3202dff88947b86da5

SHA256
170fff89e02fe4029c7d3bfc78a08134d1db087bc44964d346c6a65a5968dd4a

SHA512
0dfa6b5c2d86c8773efc32f9a48c0042861a173fe86ded16eebda0c291fa63b7e9f6d3c134bf8e7228699cc2124dc6ef96d4c5070d897a6460d77e8bbdae166c

Download Submit
memory/3860-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3860-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/3860-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3860-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4704-14-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4704-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4704-15-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/4704-21-0x00000000056E0000-0x000000000590A000-memory.dmp

Filesize
2.2MB

Download
memory/4704-22-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/4704-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download