47303453917725e096ed85b1e317342cab2dd63f45d54cf0c1217868d3a500be

Analysis

max time kernel
142s
max time network
158s
platform
windows10-1703_x64
resource
win10-20231215-es
resource tags

arch:x64arch:x86image:win10-20231215-eslocale:es-esos:windows10-1703-x64systemwindows
submitted
19-01-2024 15:03

Target

CMND576758678/5675675878/5343466456.exe
Size

15.3MB
MD5

bd563c928a86cd24eb13ecf3c099314f
SHA1

587dee8a9b6d66a385a77f3094a033b8a0f2617c
SHA256

db14560502edc73d6e96fec0d151791b92c15eace80a1ba90d17302d3ed37998
SHA512

e36faf4c6d72d15600d4c5c28c4e65b74f70599f337506fca5fd867966dc713f53e57ec1e27e915992405adfaa72d609a03343d24e5883a7ed27ff44ff7fc238
SSDEEP

49152:6RaNf51YutbFrxmfg5kAqBmIV1lp0RdiAutGuE5ShpUPNE0v2d9KUj1LeOAOuHIn:6Rax51Yu

Score

7^/10

upx

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral3/memory/1904-14-0x0000000013140000-0x000000001419A000-memory.dmp	upx
behavioral3/memory/1904-15-0x0000000013140000-0x000000001419A000-memory.dmp	upx
behavioral3/memory/1904-17-0x0000000013140000-0x000000001419A000-memory.dmp	upx
behavioral3/memory/1904-16-0x0000000013140000-0x000000001419A000-memory.dmp	upx
behavioral3/memory/1904-18-0x0000000013140000-0x000000001419A000-memory.dmp	upx

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 4556 wrote to memory of 1904	4556	5343466456.exe	72
PID 4556 wrote to memory of 1904	4556	5343466456.exe	72
PID 4556 wrote to memory of 1904	4556	5343466456.exe	72
PID 4556 wrote to memory of 1904	4556	5343466456.exe	72
PID 4556 wrote to memory of 1904	4556	5343466456.exe	72

C:\Users\Admin\AppData\Local\Temp\CMND576758678\5675675878\5343466456.exe
"C:\Users\Admin\AppData\Local\Temp\CMND576758678\5675675878\5343466456.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4556
- C:\windows\syswow64\grpconv.exe
  C:\windows\syswow64\grpconv.exe
  2⤵
  PID:1904

memory/1904-14-0x0000000013140000-0x000000001419A000-memory.dmp

Filesize
16.4MB

Download
memory/1904-18-0x0000000013140000-0x000000001419A000-memory.dmp

Filesize
16.4MB

Download
memory/1904-16-0x0000000013140000-0x000000001419A000-memory.dmp

Filesize
16.4MB

Download
memory/1904-17-0x0000000013140000-0x000000001419A000-memory.dmp

Filesize
16.4MB

Download
memory/1904-15-0x0000000013140000-0x000000001419A000-memory.dmp

Filesize
16.4MB

Download
memory/4556-6-0x0000000000400000-0x0000000001352000-memory.dmp

Filesize
15.3MB

Download
memory/4556-11-0x0000000000400000-0x0000000001352000-memory.dmp

Filesize
15.3MB

Download
memory/4556-12-0x0000000000400000-0x0000000001352000-memory.dmp

Filesize
15.3MB

Download
memory/4556-13-0x0000000000400000-0x0000000001352000-memory.dmp

Filesize
15.3MB

Download
memory/4556-8-0x0000000000400000-0x0000000001352000-memory.dmp

Filesize
15.3MB

Download
memory/4556-7-0x0000000000400000-0x0000000001352000-memory.dmp

Filesize
15.3MB

Download
memory/4556-0-0x00000000014D0000-0x00000000014D1000-memory.dmp

Filesize
4KB

Download
memory/4556-4-0x0000000000400000-0x0000000001352000-memory.dmp

Filesize
15.3MB

Download
memory/4556-1-0x0000000000400000-0x0000000001352000-memory.dmp

Filesize
15.3MB

Download
memory/4556-19-0x0000000000400000-0x0000000001352000-memory.dmp

Filesize
15.3MB

Download