4b8a0c570746e57ed21195bc66353acf1740ad727dd5587309465ebaab79f7d5

Analysis

max time kernel
172s
max time network
189s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
07/01/2024, 17:48

Target

49a6fb26582ede0ade82e0b9f7714989.exe
Size

56KB
MD5

49a6fb26582ede0ade82e0b9f7714989
SHA1

33a21b04eeadced2ca5b8a869b5a85091053cb83
SHA256

4b8a0c570746e57ed21195bc66353acf1740ad727dd5587309465ebaab79f7d5
SHA512

d26d96981f3feecff2665ccc928a5b08941d257f949c5e0950033dc047eedbb580905dbfe320c67af035e62e028fd3425460988aff3124c4fd8ea0b2e06c6614
SSDEEP

1536:ECnurieBzwDfkHWjFApNESnfbptwXf+qXKaE:EvHww2jmlfbptwX11E

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1940	49a6fb26582ede0ade82e0b9f7714989.exe

Executes dropped EXE 1 IoCs

pid	Process
1940	49a6fb26582ede0ade82e0b9f7714989.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3160-0-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x00080000000224fc-11.dat	upx
behavioral2/memory/1940-13-0x0000000000400000-0x000000000043A000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3160	49a6fb26582ede0ade82e0b9f7714989.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3160	49a6fb26582ede0ade82e0b9f7714989.exe
1940	49a6fb26582ede0ade82e0b9f7714989.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3160 wrote to memory of 1940	3160	49a6fb26582ede0ade82e0b9f7714989.exe	91
PID 3160 wrote to memory of 1940	3160	49a6fb26582ede0ade82e0b9f7714989.exe	91
PID 3160 wrote to memory of 1940	3160	49a6fb26582ede0ade82e0b9f7714989.exe	91

C:\Users\Admin\AppData\Local\Temp\49a6fb26582ede0ade82e0b9f7714989.exe

Filesize
56KB

MD5
a7fc2bf3165c1cb3751ad30955379094

SHA1
094eea5479c0bedc227ef3721de0959216d68982

SHA256
d9c36ebb9c1ba82f49a75df4c4110c6de6f0bf1f0b1155b14f8157ac82a9e519

SHA512
016b1c50d64c43db61df2dac6f1b572e84415d2cad30f03ee184acaa478a725fc910183d6c1c371a0e174586856d9ea2f800e4ba465484eab5f5e0a02afd7f9b

Download Submit
memory/1940-13-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1940-14-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1940-16-0x00000000000C0000-0x00000000000CE000-memory.dmp

Filesize
56KB

Download
memory/1940-20-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/1940-24-0x0000000004D70000-0x0000000004D8B000-memory.dmp

Filesize
108KB

Download
memory/1940-26-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3160-0-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3160-1-0x00000000001B0000-0x00000000001BE000-memory.dmp

Filesize
56KB

Download
memory/3160-2-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3160-12-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download