e75f45ba1f7d410dcf68028588f3d40d8766447f542fcf647df90df53600f14d | Triage

Analysis

max time kernel
144s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
08/01/2024, 15:45

Sharing

Report Analysis Logs

General

Target

4bd3e54ffb2eb10e08131a595004b7b4.exe
Size

114KB
MD5

4bd3e54ffb2eb10e08131a595004b7b4
SHA1

7f08acd7de8ffa81800c139f8d2247c9173d710f
SHA256

e75f45ba1f7d410dcf68028588f3d40d8766447f542fcf647df90df53600f14d
SHA512

1a779211c38cd7e01d22e5e2027bb3884bf74afa9d8ca8bcbfdeddd24722806609f1037725abbdf8447696378b12451f73860c260fcf54e186ec2ca4bfeb901b
SSDEEP

3072:eHyEKeYLRBjJzLT/6eQ3YylZ8krFxP5hqlL:nLe6RBjx/HUH825

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1500-0-0x0000000000400000-0x000000000043E000-memory.dmp	upx

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
1500	4bd3e54ffb2eb10e08131a595004b7b4.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 1500 wrote to memory of 4596	1500	4bd3e54ffb2eb10e08131a595004b7b4.exe	20
PID 1500 wrote to memory of 4596	1500	4bd3e54ffb2eb10e08131a595004b7b4.exe	20
PID 1500 wrote to memory of 4596	1500	4bd3e54ffb2eb10e08131a595004b7b4.exe	20
PID 1500 wrote to memory of 4596	1500	4bd3e54ffb2eb10e08131a595004b7b4.exe	20
PID 1500 wrote to memory of 4596	1500	4bd3e54ffb2eb10e08131a595004b7b4.exe	20

C:\Users\Admin\AppData\Local\Temp\4bd3e54ffb2eb10e08131a595004b7b4.exe
"C:\Users\Admin\AppData\Local\Temp\4bd3e54ffb2eb10e08131a595004b7b4.exe"
1⤵
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1500
- C:\Windows\SysWOW64\svchost.exe
  svchost.exe
  2⤵
  PID:4596

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1500-0-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1500-3-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1500-2-0x0000000000420000-0x000000000042E000-memory.dmp

Filesize
56KB

Download
memory/1500-1-0x00000000005D0000-0x00000000005D1000-memory.dmp

Filesize
4KB

Download