4065351f81489a6d5a519d99b0fc0f2bd468a29c9a4b786a44b56f1159cf1974

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05/03/2024, 12:34

Target

b4b47c177c7ddc3cc30f840bec276b6d.exe
Size

2.7MB
MD5

b4b47c177c7ddc3cc30f840bec276b6d
SHA1

d22d8acef1fe57ba2485b1a6c62f27290fa2707e
SHA256

4065351f81489a6d5a519d99b0fc0f2bd468a29c9a4b786a44b56f1159cf1974
SHA512

95dc2178015bf45711f374105a9787cf4663dd3508471435f9c06ec5a2249d99aca78f91411c890f72c357f45eaaa6ae890a2b1248cca364dd3b5580622dad55
SSDEEP

49152:HQhxbWqtCP46UclFZLBmwfJlSTQh1KrAuZVEjR8rWDEhlQY53bO3M74f:HQfWWCPRrFV/l5srAf1EdpS3W4f

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2532	b4b47c177c7ddc3cc30f840bec276b6d.exe

Executes dropped EXE 1 IoCs

pid	Process
2532	b4b47c177c7ddc3cc30f840bec276b6d.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2684-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000700000001e59e-11.dat	upx
behavioral2/memory/2532-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2684	b4b47c177c7ddc3cc30f840bec276b6d.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2684	b4b47c177c7ddc3cc30f840bec276b6d.exe
2532	b4b47c177c7ddc3cc30f840bec276b6d.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2684 wrote to memory of 2532	2684	b4b47c177c7ddc3cc30f840bec276b6d.exe	87
PID 2684 wrote to memory of 2532	2684	b4b47c177c7ddc3cc30f840bec276b6d.exe	87
PID 2684 wrote to memory of 2532	2684	b4b47c177c7ddc3cc30f840bec276b6d.exe	87

C:\Users\Admin\AppData\Local\Temp\b4b47c177c7ddc3cc30f840bec276b6d.exe

Filesize
2.7MB

MD5
ee74fef0504a75e37e88ecfb2f6d0d58

SHA1
c4002beb00f3759c3d4749cd4eb7ba4f45708ae8

SHA256
3b78c5883e41b8c23ffd4042223674fdb303a96f6c1886e0e8f6334ef809b1b8

SHA512
89fc9fcf999aff599bf9e932b538c37c7c54216adf83c34e8660b41482c71fe24af18da216e76e122c4bb38630c8c4f2fb1e9260a537c93f139365391bbd7368

Download Submit
memory/2532-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2532-14-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/2532-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2532-21-0x0000000005660000-0x000000000588A000-memory.dmp

Filesize
2.2MB

Download
memory/2532-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2532-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2684-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2684-1-0x0000000001D90000-0x0000000001EC3000-memory.dmp

Filesize
1.2MB

Download
memory/2684-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2684-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download