3f75e384a4400a70183285050d91a6a261ab95a3e6000426b19a1cbdf979743c

Analysis

max time kernel
142s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
03/02/2024, 07:43

Target

8bc62ed05cf5cb49ded2aa848b458c5e.exe
Size

24KB
MD5

8bc62ed05cf5cb49ded2aa848b458c5e
SHA1

8075d37e0c01f873e45f90cb76ec0f6dc440e4be
SHA256

3f75e384a4400a70183285050d91a6a261ab95a3e6000426b19a1cbdf979743c
SHA512

19d24b5ebe15ddbecfdd1b212109b3e0a8d540d9b415de1b35be304f1169137877d3ebfb90b81a7bd09d3460ae387113bae8345c77819f58ba14e248719519ef
SSDEEP

384:Peq8c65XkVkdni07RCC29jMJ4HyimM2PJd0zfDQcXBk3/ZsIDh3rntFSuPvpTTU:R8cGw0nHChjC4Hmb2fDQQB67h7tcuZU

Score

7^/10

upx

Loads dropped DLL 2 IoCs

pid	Process
4464	8bc62ed05cf5cb49ded2aa848b458c5e.exe
4464	8bc62ed05cf5cb49ded2aa848b458c5e.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1512-0-0x0000000000400000-0x0000000000416000-memory.dmp	upx
behavioral2/memory/1512-3-0x0000000000400000-0x0000000000416000-memory.dmp	upx
behavioral2/memory/4464-10-0x0000000000400000-0x0000000000416000-memory.dmp	upx

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File created	C:\Program Files\Internet Explorer\Vet4-67Nt.mid	8bc62ed05cf5cb49ded2aa848b458c5e.exe
File created	C:\Program Files\Internet Explorer\Vet4321t.321	8bc62ed05cf5cb49ded2aa848b458c5e.exe
File created	C:\Program Files\Internet Explorer\Vet4-67Nt.mid	8bc62ed05cf5cb49ded2aa848b458c5e.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4464	8bc62ed05cf5cb49ded2aa848b458c5e.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1512 wrote to memory of 4464	1512	8bc62ed05cf5cb49ded2aa848b458c5e.exe	84
PID 1512 wrote to memory of 4464	1512	8bc62ed05cf5cb49ded2aa848b458c5e.exe	84
PID 1512 wrote to memory of 4464	1512	8bc62ed05cf5cb49ded2aa848b458c5e.exe	84

C:\Program Files\Internet Explorer\Vet4-67Nt.mid

Filesize
24KB

MD5
4e98ef55b65de5689fd8f3d29a1a046b

SHA1
fd9de2c529dac435e02bab6f15662c08c34147c3

SHA256
5ed4e0b27b521a61be8b7ae53dd62841f602cd08351c0911cf3b47ebac00180c

SHA512
fbe9796584cc93fb6030300b865f5ee7431fb163f8be66779186069bc61cdfbbf7994c1385a13d0e69576b98173ff926853ce8c2d96eceb3ae1964141a2a1f27

Download Submit
C:\Program Files\Internet Explorer\Vet4321t.321

Filesize
31KB

MD5
1d1a2069ff09b90856523e9f4f2fcf8b

SHA1
89ba558e76e49f55895fd5040af91f91f8d8ed8d

SHA256
99b6120391bc0b35f1c28a9279100279113c405bd3cfd8c9a9670368f98b322f

SHA512
9d6e855b6f9f1d2ebb591f5bb3534a79ea4a4cca7364f6488e0b72b087c47eb443faec77c603525c221089bf17dc6877754dfaa0fe5ada8571a10becae2c8cae

Download Submit
memory/1512-0-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/1512-3-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/4464-9-0x0000000000580000-0x000000000058D000-memory.dmp

Filesize
52KB

Download
memory/4464-10-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/4464-11-0x0000000000580000-0x000000000058D000-memory.dmp

Filesize
52KB

Download
memory/4464-37-0x0000000000580000-0x000000000058D000-memory.dmp

Filesize
52KB

Download