7fa04cbf94b6faebb44ffe7c64f337e78d81214291bace7ccced19eae9424783

Analysis

max time kernel
138s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
13/03/2024, 03:37

Target

c4e088aa1d0173ab466bd1c9beec1f49.exe
Size

5.8MB
MD5

c4e088aa1d0173ab466bd1c9beec1f49
SHA1

4b81019b2a51d48cbd1449417f05afb8c4eca420
SHA256

7fa04cbf94b6faebb44ffe7c64f337e78d81214291bace7ccced19eae9424783
SHA512

0579377447026fa5105ba2b1b8764979e346693c5fc60f6e5110c47108fa980bec236b153f35c562fc4c1cd953bc333db4294ca768c8a96d02d635b26ef54048
SSDEEP

98304:SJ0+6/S/s0I2EN3gg3gnl/IVUs1jePsHjYrhRNm7yEzgg3gnl/IVUs1jePs:c0v0IDgl/iBiPwakLpgl/iBiP

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1064	c4e088aa1d0173ab466bd1c9beec1f49.exe

Executes dropped EXE 1 IoCs

pid	Process
1064	c4e088aa1d0173ab466bd1c9beec1f49.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4868-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000400000001e5eb-11.dat	upx
behavioral2/memory/1064-14-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4868	c4e088aa1d0173ab466bd1c9beec1f49.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4868	c4e088aa1d0173ab466bd1c9beec1f49.exe
1064	c4e088aa1d0173ab466bd1c9beec1f49.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4868 wrote to memory of 1064	4868	c4e088aa1d0173ab466bd1c9beec1f49.exe	90
PID 4868 wrote to memory of 1064	4868	c4e088aa1d0173ab466bd1c9beec1f49.exe	90
PID 4868 wrote to memory of 1064	4868	c4e088aa1d0173ab466bd1c9beec1f49.exe	90

C:\Users\Admin\AppData\Local\Temp\c4e088aa1d0173ab466bd1c9beec1f49.exe

Filesize
1.4MB

MD5
016e620a4901124f8d2436f2556649ce

SHA1
ecec25c1c84f699645d38c2753b4d861e64d6d5c

SHA256
4f07d2ce916f2b0b2a3f6f1d1473f5fad267d033dea8dc1a120df7762300f405

SHA512
26b1cc91afe9525dc1ad8c99b32cd36b91fb199159b008517cf6e341af1b2580503f0e8562a7da3782aec31dcec2867adcaafc800eb073642d655c225941a3d6

Download Submit
memory/1064-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1064-15-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/1064-14-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1064-20-0x00000000055C0000-0x00000000057EA000-memory.dmp

Filesize
2.2MB

Download
memory/1064-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1064-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4868-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4868-1-0x0000000001CC0000-0x0000000001DF3000-memory.dmp

Filesize
1.2MB

Download
memory/4868-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4868-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download