d14909068ddb84a9bb103c59ca862e22057b88ef6bec2ca1d43d113c720ba748

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
07/01/2024, 20:38

Target

49b4eda698b8a12d51a8a85e5c789d11.exe
Size

2.9MB
MD5

49b4eda698b8a12d51a8a85e5c789d11
SHA1

051dac05fbe131f058dc9f549bdf3e0750005d60
SHA256

d14909068ddb84a9bb103c59ca862e22057b88ef6bec2ca1d43d113c720ba748
SHA512

bdf02d19963166e111f0b8fa940280056e31f481148f9138b4aba024d25de01abdae3dd524bfd4f4102567882053185d8136cb7166bc708559c7b614b60c797b
SSDEEP

49152:rp/hZOIBhL/3HpzKcaEFAoNdGP4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:rt7JmcbACdGgg3gnl/IVUs1jePs

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1268	49b4eda698b8a12d51a8a85e5c789d11.exe

Executes dropped EXE 1 IoCs

pid	Process
1268	49b4eda698b8a12d51a8a85e5c789d11.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3328-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000400000001e96f-11.dat	upx
behavioral2/memory/1268-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3328	49b4eda698b8a12d51a8a85e5c789d11.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3328	49b4eda698b8a12d51a8a85e5c789d11.exe
1268	49b4eda698b8a12d51a8a85e5c789d11.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3328 wrote to memory of 1268	3328	49b4eda698b8a12d51a8a85e5c789d11.exe	91
PID 3328 wrote to memory of 1268	3328	49b4eda698b8a12d51a8a85e5c789d11.exe	91
PID 3328 wrote to memory of 1268	3328	49b4eda698b8a12d51a8a85e5c789d11.exe	91

C:\Users\Admin\AppData\Local\Temp\49b4eda698b8a12d51a8a85e5c789d11.exe

Filesize
2.9MB

MD5
c1f029c93e7da6f95f7a96dac5764996

SHA1
7160f6acc4e4d36c7f1513dd01299402be7007dd

SHA256
3e8b96d97cc0fa588753862c2814640fc7c8258ee49f9849f097a57854bc7b12

SHA512
c5ef8a3c4f7744547384c33e04f0e02202b1e069b757ce83f90d1c19b3cc2d2d792207cd3511d5335a9ec2190a50bcd066f1b5a92070155d41c1d119dfe32f99

Download Submit
memory/1268-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1268-15-0x0000000001DF0000-0x0000000001F23000-memory.dmp

Filesize
1.2MB

Download
memory/1268-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1268-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1268-22-0x00000000056F0000-0x000000000591A000-memory.dmp

Filesize
2.2MB

Download
memory/1268-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3328-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3328-1-0x0000000001CF0000-0x0000000001E23000-memory.dmp

Filesize
1.2MB

Download
memory/3328-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3328-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download