ab437b25d0cf63f4558353626929707c845779129d7656222551ce66313f6309

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
13/03/2024, 02:46

Target

c4c6fce033fe0bb8f6be48bd5edafaa7.exe
Size

2.9MB
MD5

c4c6fce033fe0bb8f6be48bd5edafaa7
SHA1

6966ad94e9520e788dade74ff62abac7354b6e25
SHA256

ab437b25d0cf63f4558353626929707c845779129d7656222551ce66313f6309
SHA512

402a3659faa3d5f59bae678cdb2cd48b8963d2bffa1ed80779f534feefe84ad444823e124cab128505cad202aa6682eca2ca62553d9ff2d0ddada407bd4f4571
SSDEEP

49152:rumCPRshwXO/8TsyztaeTN74NH5HUyNRcUsCVOzetdZJ:rutZteUhtpT4HBUCczzM3

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4340	c4c6fce033fe0bb8f6be48bd5edafaa7.exe

Executes dropped EXE 1 IoCs

pid	Process
4340	c4c6fce033fe0bb8f6be48bd5edafaa7.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1988-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000400000001e5eb-11.dat	upx
behavioral2/memory/4340-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1988	c4c6fce033fe0bb8f6be48bd5edafaa7.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1988	c4c6fce033fe0bb8f6be48bd5edafaa7.exe
4340	c4c6fce033fe0bb8f6be48bd5edafaa7.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1988 wrote to memory of 4340	1988	c4c6fce033fe0bb8f6be48bd5edafaa7.exe	87
PID 1988 wrote to memory of 4340	1988	c4c6fce033fe0bb8f6be48bd5edafaa7.exe	87
PID 1988 wrote to memory of 4340	1988	c4c6fce033fe0bb8f6be48bd5edafaa7.exe	87

C:\Users\Admin\AppData\Local\Temp\c4c6fce033fe0bb8f6be48bd5edafaa7.exe

Filesize
1.2MB

MD5
75973c850d3022f628e04702891388ba

SHA1
9d7d6d22d330d90d685d4a20740ef36c7a17d5d9

SHA256
cfbc0c4f7ad9fdd189d697bf0119ef4f798d370f0068f0bc83c8f05319d2e990

SHA512
2c18c24beea3c7ea6f05aa0bbd80b7cae33a997ed0c3dba047bb328693bc2ae51daa4ad2256f8261e7f206b0a8fedbdf1d7a22ebf4db6216fe3a1d4a3fae89b5

Download Submit
memory/1988-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1988-1-0x0000000001D00000-0x0000000001E33000-memory.dmp

Filesize
1.2MB

Download
memory/1988-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1988-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4340-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4340-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4340-16-0x0000000001DB0000-0x0000000001EE3000-memory.dmp

Filesize
1.2MB

Download
memory/4340-21-0x00000000056B0000-0x00000000058DA000-memory.dmp

Filesize
2.2MB

Download
memory/4340-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/4340-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download