4db44647eade7afd17961e63e7f8afe59ee5b6e4196584fceefc7549b63cda11

Analysis

max time kernel
144s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
12-01-2024 14:52

Target

56c22b049c955d318614644c11415e19.exe
Size

2.7MB
MD5

56c22b049c955d318614644c11415e19
SHA1

6d54270a7e211abda3667f9c94512d7b4f6437d0
SHA256

4db44647eade7afd17961e63e7f8afe59ee5b6e4196584fceefc7549b63cda11
SHA512

2746b831a5924a7db7ea0e473c6114eea5318d2e9ccb8460c1c4f422b5b387d61736b967576ef4ba6a312e08f8dc8f3887ae0b8629df240cba730955005e6e7b
SSDEEP

49152:BZTKEZjgdcdL/4jgZ4QrR9ktBc1+Q4YdxSChG38bDUggR9t:DdZjgdoLg2HktBcwQDM2YIDULHt

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1456	56c22b049c955d318614644c11415e19.exe

Executes dropped EXE 1 IoCs

pid	Process
1456	56c22b049c955d318614644c11415e19.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1956-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral2/files/0x000600000001e5df-11.dat	upx
behavioral2/memory/1456-13-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1956	56c22b049c955d318614644c11415e19.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1956	56c22b049c955d318614644c11415e19.exe
1456	56c22b049c955d318614644c11415e19.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1956 wrote to memory of 1456	1956	56c22b049c955d318614644c11415e19.exe	88
PID 1956 wrote to memory of 1456	1956	56c22b049c955d318614644c11415e19.exe	88
PID 1956 wrote to memory of 1456	1956	56c22b049c955d318614644c11415e19.exe	88

C:\Users\Admin\AppData\Local\Temp\56c22b049c955d318614644c11415e19.exe

Filesize
787KB

MD5
91c2e980c6a5b68c56df4f21a1dcde63

SHA1
d663038017096e0d3b92a30e1b8853ec737e3bd8

SHA256
f8650c3e9f84de067b014364c6de225756a934beb55f34b37a85fbb84aef04d0

SHA512
9add1d2baae502d0a4c15b45d700c8dcf9e5ba243a9b5ad5c5db29fece5f1518bbd902e83d09354f2dbb1a180fb5e32f2a31b7d08480816d9c602b103985bb01

Download Submit
memory/1456-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1456-13-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1456-16-0x0000000001C70000-0x0000000001DA1000-memory.dmp

Filesize
1.2MB

Download
memory/1456-21-0x0000000005560000-0x0000000005782000-memory.dmp

Filesize
2.1MB

Download
memory/1456-20-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/1456-28-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1956-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1956-1-0x00000000018F0000-0x0000000001A21000-memory.dmp

Filesize
1.2MB

Download
memory/1956-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1956-12-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download