a5c4fb4ef8daa27b93002e523734bc4d6ee44aee931f5abadcee7036c38ae265

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
09/01/2024, 19:52

Target

4f11253b26c04f5169de58568a92ce03.exe
Size

2.5MB
MD5

4f11253b26c04f5169de58568a92ce03
SHA1

36db5f699a8a19c4114f485e3eb4ba4bb81d71cd
SHA256

a5c4fb4ef8daa27b93002e523734bc4d6ee44aee931f5abadcee7036c38ae265
SHA512

e871c095d96294af81a82d54b495d02c6d9fa6d56212c600ed2b378a84e31c4f314116a08c2b4e4a30e62cdc98932361bbd162e4f8fadb696173f4e9ef322323
SSDEEP

49152:JI2NXuQRDsH+D2l2nHZLpN74NH5HUyNRcUsCVOzet0:JXM4cKlp4HBUCczz9

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4908	4f11253b26c04f5169de58568a92ce03.exe

Executes dropped EXE 1 IoCs

pid	Process
4908	4f11253b26c04f5169de58568a92ce03.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3048-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0007000000023205-11.dat	upx
behavioral2/memory/4908-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3048	4f11253b26c04f5169de58568a92ce03.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3048	4f11253b26c04f5169de58568a92ce03.exe
4908	4f11253b26c04f5169de58568a92ce03.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3048 wrote to memory of 4908	3048	4f11253b26c04f5169de58568a92ce03.exe	37
PID 3048 wrote to memory of 4908	3048	4f11253b26c04f5169de58568a92ce03.exe	37
PID 3048 wrote to memory of 4908	3048	4f11253b26c04f5169de58568a92ce03.exe	37

C:\Users\Admin\AppData\Local\Temp\4f11253b26c04f5169de58568a92ce03.exe

Filesize
345KB

MD5
4ddfa0d628e58fa07708610369e55f9b

SHA1
3fac1beeb670f90bf0c881e4e10a4cbd860dfcc3

SHA256
b1d4dd2745c6a772153a76734d4fc77efcdce0ba4d6a7bd2d07f50716a5643f7

SHA512
ea3a976d545245c350dd7f071cc365a3df88ea06ec3a7c288e158961c16a38f814317b6f1c5b917e9d98d03260a68fc9c3714ff5f85ce6f7dbbc9c420d758705

Download Submit
memory/3048-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3048-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/3048-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3048-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4908-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4908-15-0x0000000001D60000-0x0000000001E93000-memory.dmp

Filesize
1.2MB

Download
memory/4908-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4908-20-0x0000000005660000-0x000000000588A000-memory.dmp

Filesize
2.2MB

Download
memory/4908-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/4908-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download