ae3b3752370f0aea3695dc07d0bb479c59103d8bd568864873bfacca605dcf2a

Analysis

max time kernel
149s
max time network
121s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
08-01-2024 16:45

Target

4bf2635b6b07aa93931508f8e6700187.exe
Size

1.3MB
MD5

4bf2635b6b07aa93931508f8e6700187
SHA1

816a84dab6b16706c794f79dc26ce5855dc1f3ab
SHA256

ae3b3752370f0aea3695dc07d0bb479c59103d8bd568864873bfacca605dcf2a
SHA512

33c4b29c67feb5843643f2816399314a3259f38eaaed6875058f53c392afdea423e8fae1945a221fb75ebf3c4305a743d99480ff9ef777f923623f7d2acdb700
SSDEEP

24576:/WrDaqw1Y9bLPXQtnMoqWLqTtonhSAfSV2rTpoc7+xKXAWBWc:u32YxbXWMqqTto3fSqTpN+xKXjp

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4880	4bf2635b6b07aa93931508f8e6700187.exe

Executes dropped EXE 1 IoCs

pid	Process
4880	4bf2635b6b07aa93931508f8e6700187.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1608-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/memory/4880-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000400000001e96f-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1608	4bf2635b6b07aa93931508f8e6700187.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1608	4bf2635b6b07aa93931508f8e6700187.exe
4880	4bf2635b6b07aa93931508f8e6700187.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1608 wrote to memory of 4880	1608	4bf2635b6b07aa93931508f8e6700187.exe	17
PID 1608 wrote to memory of 4880	1608	4bf2635b6b07aa93931508f8e6700187.exe	17
PID 1608 wrote to memory of 4880	1608	4bf2635b6b07aa93931508f8e6700187.exe	17

C:\Users\Admin\AppData\Local\Temp\4bf2635b6b07aa93931508f8e6700187.exe

Filesize
68KB

MD5
37e1465d8e99e9f48833dead2eed9a45

SHA1
1183342090ab939bd8ba9878559d110998ad4774

SHA256
028bffbf7921c583a2515a0f53aefe5b0682df0e892c3e72bf649d0b74d82ff1

SHA512
85b3c52a97eb6f5f16f7f6d75fd93b87f107f973665bb2a44876c507acc16214cc597019349051812d25064a2ebbff8d1159c60abe005a9f09f7fb9540f33a67

Download Submit
memory/1608-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1608-1-0x0000000001CD0000-0x0000000001E03000-memory.dmp

Filesize
1.2MB

Download
memory/1608-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1608-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4880-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4880-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4880-14-0x0000000001D30000-0x0000000001E63000-memory.dmp

Filesize
1.2MB

Download
memory/4880-21-0x0000000005630000-0x000000000585A000-memory.dmp

Filesize
2.2MB

Download
memory/4880-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/4880-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download