47303453917725e096ed85b1e317342cab2dd63f45d54cf0c1217868d3a500be

Analysis

max time kernel
151s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231215-es
resource tags

arch:x64arch:x86image:win10v2004-20231215-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
19/01/2024, 15:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CMND576758678/5675675878/5343466456.exe
Size

15.3MB
MD5

bd563c928a86cd24eb13ecf3c099314f
SHA1

587dee8a9b6d66a385a77f3094a033b8a0f2617c
SHA256

db14560502edc73d6e96fec0d151791b92c15eace80a1ba90d17302d3ed37998
SHA512

e36faf4c6d72d15600d4c5c28c4e65b74f70599f337506fca5fd867966dc713f53e57ec1e27e915992405adfaa72d609a03343d24e5883a7ed27ff44ff7fc238
SSDEEP

49152:6RaNf51YutbFrxmfg5kAqBmIV1lp0RdiAutGuE5ShpUPNE0v2d9KUj1LeOAOuHIn:6Rax51Yu

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral6/memory/2660-16-0x0000000013140000-0x000000001419A000-memory.dmp	upx
behavioral6/memory/2660-17-0x0000000013140000-0x000000001419A000-memory.dmp	upx
behavioral6/memory/2660-18-0x0000000013140000-0x000000001419A000-memory.dmp	upx
behavioral6/memory/2660-19-0x0000000013140000-0x000000001419A000-memory.dmp	upx
behavioral6/memory/2660-20-0x0000000013140000-0x000000001419A000-memory.dmp	upx

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 3240 wrote to memory of 2660	3240	5343466456.exe	96
PID 3240 wrote to memory of 2660	3240	5343466456.exe	96
PID 3240 wrote to memory of 2660	3240	5343466456.exe	96
PID 3240 wrote to memory of 2660	3240	5343466456.exe	96
PID 3240 wrote to memory of 2660	3240	5343466456.exe	96

C:\Users\Admin\AppData\Local\Temp\CMND576758678\5675675878\5343466456.exe
"C:\Users\Admin\AppData\Local\Temp\CMND576758678\5675675878\5343466456.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3240
- C:\windows\SysWOW64\grpconv.exe
  C:\windows\syswow64\grpconv.exe
  2⤵
  PID:2660

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2660-16-0x0000000013140000-0x000000001419A000-memory.dmp

Filesize
16.4MB

Download
memory/2660-20-0x0000000013140000-0x000000001419A000-memory.dmp

Filesize
16.4MB

Download
memory/2660-19-0x0000000013140000-0x000000001419A000-memory.dmp

Filesize
16.4MB

Download
memory/2660-18-0x0000000013140000-0x000000001419A000-memory.dmp

Filesize
16.4MB

Download
memory/2660-17-0x0000000013140000-0x000000001419A000-memory.dmp

Filesize
16.4MB

Download
memory/3240-7-0x0000000000400000-0x0000000001352000-memory.dmp

Filesize
15.3MB

Download
memory/3240-9-0x0000000000400000-0x0000000001352000-memory.dmp

Filesize
15.3MB

Download
memory/3240-10-0x0000000000400000-0x0000000001352000-memory.dmp

Filesize
15.3MB

Download
memory/3240-13-0x0000000000400000-0x0000000001352000-memory.dmp

Filesize
15.3MB

Download
memory/3240-14-0x0000000000400000-0x0000000001352000-memory.dmp

Filesize
15.3MB

Download
memory/3240-15-0x0000000000400000-0x0000000001352000-memory.dmp

Filesize
15.3MB

Download
memory/3240-8-0x0000000000400000-0x0000000001352000-memory.dmp

Filesize
15.3MB

Download
memory/3240-0-0x00000000014F0000-0x00000000014F1000-memory.dmp

Filesize
4KB

Download
memory/3240-5-0x0000000000400000-0x0000000001352000-memory.dmp

Filesize
15.3MB

Download
memory/3240-3-0x00000000014F0000-0x00000000014F1000-memory.dmp

Filesize
4KB

Download
memory/3240-1-0x0000000000400000-0x0000000001352000-memory.dmp

Filesize
15.3MB

Download
memory/3240-21-0x0000000000400000-0x0000000001352000-memory.dmp

Filesize
15.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads