7a841d0451ac82cc5afcac7ee1c39bab46a5357c62017ee469b7cfc0f7a75a14

Analysis

max time kernel
145s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
08/01/2024, 12:23

Target

4b6d6b6c98fe55b514b042fc1b2d1387.exe
Size

59KB
MD5

4b6d6b6c98fe55b514b042fc1b2d1387
SHA1

d5d67bedf986f74e54c7b3b1a8ac1c7f3cb1c1eb
SHA256

7a841d0451ac82cc5afcac7ee1c39bab46a5357c62017ee469b7cfc0f7a75a14
SHA512

47eea89edd886b978afd749dabe49f99ddd0329606740b1198dfc22de85459fa89a49f8a5ff23c9989163ff2fdc7a0991b0023dcf5a011d2c370cd31a11b96ab
SSDEEP

1536:NkPhWe6To4xXQrCrxT/k8N3ZnJcf5s8iZv86zC:NkP83TDgrCrt/kypnqKJj

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4792	4b6d6b6c98fe55b514b042fc1b2d1387.exe

Executes dropped EXE 1 IoCs

pid	Process
4792	4b6d6b6c98fe55b514b042fc1b2d1387.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4256-0-0x0000000000400000-0x000000000043D000-memory.dmp	upx
behavioral2/files/0x0010000000023169-11.dat	upx
behavioral2/memory/4792-13-0x0000000000400000-0x000000000043D000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4256	4b6d6b6c98fe55b514b042fc1b2d1387.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4256	4b6d6b6c98fe55b514b042fc1b2d1387.exe
4792	4b6d6b6c98fe55b514b042fc1b2d1387.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4256 wrote to memory of 4792	4256	4b6d6b6c98fe55b514b042fc1b2d1387.exe	90
PID 4256 wrote to memory of 4792	4256	4b6d6b6c98fe55b514b042fc1b2d1387.exe	90
PID 4256 wrote to memory of 4792	4256	4b6d6b6c98fe55b514b042fc1b2d1387.exe	90

C:\Users\Admin\AppData\Local\Temp\4b6d6b6c98fe55b514b042fc1b2d1387.exe

Filesize
59KB

MD5
48b6674fb0e0698806968c2f6c66242a

SHA1
4fd8709be2c4bb24b18d5a1b593cc04a04aba0f5

SHA256
ae6b769247abad781251eb2e9b84c95d7e60ac846832bcbda9eeab6eae0b073e

SHA512
599213e1fe180f9d16960845135650cd707c8cba25cc2c76c3b1569dfcb558608ad93b18a95342fee14cfef13dea1c2271ff7ceafe188f5b1118c9bccb23f42d

Download Submit
memory/4256-0-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/4256-1-0x00000000001B0000-0x00000000001BF000-memory.dmp

Filesize
60KB

Download
memory/4256-2-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4256-12-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4792-13-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/4792-14-0x00000000000C0000-0x00000000000CF000-memory.dmp

Filesize
60KB

Download
memory/4792-15-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4792-20-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/4792-25-0x00000000001D0000-0x00000000001ED000-memory.dmp

Filesize
116KB

Download
memory/4792-26-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download