4dc3709422c33a80b51177693a7d6d15ea9b01cd37a3f4966677c5750f4a165d

Analysis

max time kernel
147s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24-01-2024 05:37

Target

7196651d87a1a98e4e893ce551ea4a2d.exe
Size

1.5MB
MD5

7196651d87a1a98e4e893ce551ea4a2d
SHA1

92cb9a414fee5030da6491cf0931e10b2e995d92
SHA256

4dc3709422c33a80b51177693a7d6d15ea9b01cd37a3f4966677c5750f4a165d
SHA512

32d5b9d94c570ba11ca2702b9ca6094877a779655a822b28c79313ccfec4b768d813c3bb047ac1a9f26a6a325e9b2cb7d95d015d21ff018e5c2ff4584e626e98
SSDEEP

24576:/PYfWphKULAQfrpyyuQGWFVw9HWrAXsiVkfPgQr7Q9xzr/mq84pQW:zPKU8SXu7HdXsiagYUzzrxpQ

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3940	7196651d87a1a98e4e893ce551ea4a2d.exe

Executes dropped EXE 1 IoCs

pid	Process
3940	7196651d87a1a98e4e893ce551ea4a2d.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/5032-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0006000000023220-11.dat	upx
behavioral2/memory/3940-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
5032	7196651d87a1a98e4e893ce551ea4a2d.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
5032	7196651d87a1a98e4e893ce551ea4a2d.exe
3940	7196651d87a1a98e4e893ce551ea4a2d.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5032 wrote to memory of 3940	5032	7196651d87a1a98e4e893ce551ea4a2d.exe	87
PID 5032 wrote to memory of 3940	5032	7196651d87a1a98e4e893ce551ea4a2d.exe	87
PID 5032 wrote to memory of 3940	5032	7196651d87a1a98e4e893ce551ea4a2d.exe	87

C:\Users\Admin\AppData\Local\Temp\7196651d87a1a98e4e893ce551ea4a2d.exe

Filesize
1.1MB

MD5
f1c688d04d8b761ef6a14650f02a21c0

SHA1
a438e9813b2df88049058fe104d6c15913ecf055

SHA256
065ecb7fd75033d63e8f3df49255952e7fa8d107ed750a8c15393341a686f819

SHA512
f147eff5096042e19738653b59a1770bf4da8385e6d46927519f1a3c11eb68da742a15ef8a322db2eba73baf06812c517aff4ff67ee2b6ed6ac1ba2911938466

Download Submit
memory/3940-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3940-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3940-16-0x0000000001C80000-0x0000000001DB3000-memory.dmp

Filesize
1.2MB

Download
memory/3940-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3940-21-0x0000000005580000-0x00000000057AA000-memory.dmp

Filesize
2.2MB

Download
memory/3940-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/5032-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/5032-1-0x0000000001DA0000-0x0000000001ED3000-memory.dmp

Filesize
1.2MB

Download
memory/5032-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/5032-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download