4cd94f53003a651061871c4f0d217f12ed6cca9be4f28fdfc7a5f496ffcc4ce1

Analysis

max time kernel
138s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
10/01/2024, 22:50

Target

51d5bee15256da60d620ac3326cabdf1.exe
Size

5.8MB
MD5

51d5bee15256da60d620ac3326cabdf1
SHA1

f359d7fce77e935fc934604bfc8be614d32690a6
SHA256

4cd94f53003a651061871c4f0d217f12ed6cca9be4f28fdfc7a5f496ffcc4ce1
SHA512

5bc34db977baf65bde6d5e9544ef44fd2dac2a2688f5402d9863a71bbd598acf26e1c644025e47b991b758224b05b87da6d70837ce5008cd952977c5bfed6c6e
SSDEEP

98304:3u2dL6JBiLjHau42c1joCjMPkNwk6alDAqD7z3uboHau42c1joCjMPkNwk6:3ZduOnauq1jI86FA7y2auq1jI86

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4364	51d5bee15256da60d620ac3326cabdf1.exe

Executes dropped EXE 1 IoCs

pid	Process
4364	51d5bee15256da60d620ac3326cabdf1.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3800-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/memory/4364-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0010000000023153-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3800	51d5bee15256da60d620ac3326cabdf1.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3800	51d5bee15256da60d620ac3326cabdf1.exe
4364	51d5bee15256da60d620ac3326cabdf1.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3800 wrote to memory of 4364	3800	51d5bee15256da60d620ac3326cabdf1.exe	32
PID 3800 wrote to memory of 4364	3800	51d5bee15256da60d620ac3326cabdf1.exe	32
PID 3800 wrote to memory of 4364	3800	51d5bee15256da60d620ac3326cabdf1.exe	32

C:\Users\Admin\AppData\Local\Temp\51d5bee15256da60d620ac3326cabdf1.exe

Filesize
206KB

MD5
7ab6a8dbbbe532b628d9e36735fbb114

SHA1
1779d61ef9a6060c59296324d1a756100aabedaa

SHA256
47002f905d17b7985a49c4610e66a0e9b53e1af41ff473920f7d53d97fd68000

SHA512
5707d99fa29a91fc9b01b90f55ce52e2fee879ecd88fbd2655cd7862e16c18305df68bbb06bc4befd59be362286cb7ac3acc62fc87d66ef676ba7e60d52e3c58

Download Submit
memory/3800-1-0x0000000001DB0000-0x0000000001EE3000-memory.dmp

Filesize
1.2MB

Download
memory/3800-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3800-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3800-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4364-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4364-16-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/4364-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4364-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/4364-21-0x0000000005580000-0x00000000057AA000-memory.dmp

Filesize
2.2MB

Download
memory/4364-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download