48eb6be985b5005975d98726858bc1eab0293d7abf97034ed32c6aeddc4c0bbf

Analysis

max time kernel
140s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
08/01/2024, 17:44

Target

4c11adba1d8e62c428659b4c95e17c5e.exe
Size

1010KB
MD5

4c11adba1d8e62c428659b4c95e17c5e
SHA1

c0e04c557c485ad097eac765ee20352e8eb741e0
SHA256

48eb6be985b5005975d98726858bc1eab0293d7abf97034ed32c6aeddc4c0bbf
SHA512

3b0056576f52cb39276a2266a58692dc5f47c6e374185ae00b3496e4b65fcfc4d1b1040b8a73f0626180f2d5c737d65f43de986a1b28eedf9fdfd7a87853415b
SSDEEP

12288:avrDUvDt2PwKwQYTfm6hiYc5plDFwrilMiYTfm:CIvGRmfduvlB7lbmf

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3972	4c11adba1d8e62c428659b4c95e17c5e.exe

Executes dropped EXE 1 IoCs

pid	Process
3972	4c11adba1d8e62c428659b4c95e17c5e.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3700-0-0x0000000000400000-0x00000000004F1000-memory.dmp	upx
behavioral2/memory/3972-13-0x0000000000400000-0x00000000004F1000-memory.dmp	upx
behavioral2/files/0x000c00000002315b-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3700	4c11adba1d8e62c428659b4c95e17c5e.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3700	4c11adba1d8e62c428659b4c95e17c5e.exe
3972	4c11adba1d8e62c428659b4c95e17c5e.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3700 wrote to memory of 3972	3700	4c11adba1d8e62c428659b4c95e17c5e.exe	23
PID 3700 wrote to memory of 3972	3700	4c11adba1d8e62c428659b4c95e17c5e.exe	23
PID 3700 wrote to memory of 3972	3700	4c11adba1d8e62c428659b4c95e17c5e.exe	23

C:\Users\Admin\AppData\Local\Temp\4c11adba1d8e62c428659b4c95e17c5e.exe

Filesize
205KB

MD5
4312f5d0e24997d40c140db5c554e28b

SHA1
188d76be36b1ac1e58b5564a6af5d60df8aa2d08

SHA256
a63ab71ad317811ddbb6de4283d97d3c979a7395887640200c705e259f215463

SHA512
d2443a5734a96c36d1cd1a1b87a943f6a52b1ad161968958759e28122475e107043d3f5042d63707607d4fa959c6c3ccb135cbef89f3c206e3bdb98323f2b3c3

Download Submit
memory/3700-0-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download
memory/3700-1-0x0000000000110000-0x0000000000143000-memory.dmp

Filesize
204KB

Download
memory/3700-2-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/3700-12-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/3972-13-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download
memory/3972-14-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/3972-24-0x00000000004B0000-0x0000000000500000-memory.dmp

Filesize
320KB

Download
memory/3972-20-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3972-16-0x0000000000110000-0x0000000000143000-memory.dmp

Filesize
204KB

Download
memory/3972-27-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download