5c9b22633bb9c7f20fcd928e0093ac5debd1dabd7f42daa479725b5f2db38e91

Analysis

Target

ORDER06JUL2020.exe
Size

988KB
MD5

d15eff3ce503230404b143cbe4a9d84b
SHA1

d8c57455b66192ca6da4c8402adc870cac30c361
SHA256

5c9b22633bb9c7f20fcd928e0093ac5debd1dabd7f42daa479725b5f2db38e91
SHA512

947c8ffefab661dcd6aeb8cd36cb2a6bfcf45063299162c664e5fee5dffd26da6c81b86774ac6f12abb8cf402947181ca551154a8ac697f1fc667f19d67e07ad

Score

8^/10

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3832-0-0x0000000000400000-0x000000000051E000-memory.dmp	upx
behavioral2/memory/3832-2-0x0000000000400000-0x000000000051E000-memory.dmp	upx
behavioral2/memory/3832-3-0x0000000000400000-0x000000000051E000-memory.dmp	upx

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3024	ORDER06JUL2020.exe
3024	ORDER06JUL2020.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3024 wrote to memory of 3832	3024	ORDER06JUL2020.exe	67
PID 3024 wrote to memory of 3832	3024	ORDER06JUL2020.exe	67
PID 3024 wrote to memory of 3832	3024	ORDER06JUL2020.exe	67

Suspicious behavior: MapViewOfSection 1 IoCs

pid	Process
3024	ORDER06JUL2020.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3024 set thread context of 3832	3024	ORDER06JUL2020.exe	67

C:\Users\Admin\AppData\Local\Temp\ORDER06JUL2020.exe
"C:\Users\Admin\AppData\Local\Temp\ORDER06JUL2020.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetThreadContext
PID:3024
- C:\Users\Admin\AppData\Local\Temp\ORDER06JUL2020.exe
  "C:\Users\Admin\AppData\Local\Temp\ORDER06JUL2020.exe"
  2⤵
  PID:3832

memory/3832-0-0x0000000000400000-0x000000000051E000-memory.dmp

Filesize
1.1MB

Download
memory/3832-2-0x0000000000400000-0x000000000051E000-memory.dmp

Filesize
1.1MB

Download
memory/3832-3-0x0000000000400000-0x000000000051E000-memory.dmp

Filesize
1.1MB

Download
memory/3832-4-0x00000000022F0000-0x0000000002378000-memory.dmp

Filesize
544KB

Download
memory/3832-5-0x0000000002252000-0x0000000002253000-memory.dmp

Filesize
4KB

Download