9e7a49e76e20414e17ff737d224164b9017279ef4343e6d63a07e8e4bc63777d

Analysis

max time kernel
146s
max time network
164s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01/10/2022, 20:13

Target

9e7a49e76e20414e17ff737d224164b9017279ef4343e6d63a07e8e4bc63777d.exe
Size

84KB
MD5

7b6466cba6ecc4573d90d0dc0054c0b6
SHA1

dfdebeaed653cbda46842d4e857ac242820c4e08
SHA256

9e7a49e76e20414e17ff737d224164b9017279ef4343e6d63a07e8e4bc63777d
SHA512

c58d8796648c9f1f89fd21960a9032db19ed146cb0ec0056f1f0a54365d8894daaf19f5bf9008380951a1758f0482a0819d113e98f3e82b53823171c84f396a9
SSDEEP

1536:nDJ0k/Wxrzi4CHTmV2bIgKNxEWxN5gNFhOm2rhT:nDKUWt2PKMexT5gNFhr2rhT

Score

8^/10

upx

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1780-58-0x0000000000400000-0x0000000002728000-memory.dmp	upx
behavioral1/memory/1780-60-0x0000000000400000-0x0000000002728000-memory.dmp	upx
behavioral1/memory/1780-62-0x0000000000400000-0x0000000002728000-memory.dmp	upx
behavioral1/memory/1780-65-0x0000000000400000-0x0000000002728000-memory.dmp	upx
behavioral1/memory/1780-66-0x0000000000400000-0x0000000002728000-memory.dmp	upx
behavioral1/memory/1780-67-0x0000000000400000-0x0000000000409000-memory.dmp	upx
behavioral1/memory/1780-68-0x0000000000400000-0x0000000000409000-memory.dmp	upx

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1520 set thread context of 1780	1520	9e7a49e76e20414e17ff737d224164b9017279ef4343e6d63a07e8e4bc63777d.exe	28

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1520	9e7a49e76e20414e17ff737d224164b9017279ef4343e6d63a07e8e4bc63777d.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1520	9e7a49e76e20414e17ff737d224164b9017279ef4343e6d63a07e8e4bc63777d.exe
1520	9e7a49e76e20414e17ff737d224164b9017279ef4343e6d63a07e8e4bc63777d.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1520 wrote to memory of 1780	1520	9e7a49e76e20414e17ff737d224164b9017279ef4343e6d63a07e8e4bc63777d.exe	28
PID 1520 wrote to memory of 1780	1520	9e7a49e76e20414e17ff737d224164b9017279ef4343e6d63a07e8e4bc63777d.exe	28
PID 1520 wrote to memory of 1780	1520	9e7a49e76e20414e17ff737d224164b9017279ef4343e6d63a07e8e4bc63777d.exe	28
PID 1520 wrote to memory of 1780	1520	9e7a49e76e20414e17ff737d224164b9017279ef4343e6d63a07e8e4bc63777d.exe	28
PID 1520 wrote to memory of 1780	1520	9e7a49e76e20414e17ff737d224164b9017279ef4343e6d63a07e8e4bc63777d.exe	28
PID 1520 wrote to memory of 1780	1520	9e7a49e76e20414e17ff737d224164b9017279ef4343e6d63a07e8e4bc63777d.exe	28
PID 1520 wrote to memory of 1780	1520	9e7a49e76e20414e17ff737d224164b9017279ef4343e6d63a07e8e4bc63777d.exe	28
PID 1520 wrote to memory of 1780	1520	9e7a49e76e20414e17ff737d224164b9017279ef4343e6d63a07e8e4bc63777d.exe	28
PID 1520 wrote to memory of 1780	1520	9e7a49e76e20414e17ff737d224164b9017279ef4343e6d63a07e8e4bc63777d.exe	28

C:\Users\Admin\AppData\Local\Temp\9e7a49e76e20414e17ff737d224164b9017279ef4343e6d63a07e8e4bc63777d.exe
"C:\Users\Admin\AppData\Local\Temp\9e7a49e76e20414e17ff737d224164b9017279ef4343e6d63a07e8e4bc63777d.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1520
- C:\Users\Admin\AppData\Local\Temp\9e7a49e76e20414e17ff737d224164b9017279ef4343e6d63a07e8e4bc63777d.exe
  C:\Users\Admin\AppData\Local\Temp\9e7a49e76e20414e17ff737d224164b9017279ef4343e6d63a07e8e4bc63777d.exe
  2⤵
  PID:1780

memory/1520-54-0x0000000074D61000-0x0000000074D63000-memory.dmp

Filesize
8KB

Download
memory/1520-61-0x0000000000310000-0x0000000000314000-memory.dmp

Filesize
16KB

Download
memory/1780-55-0x00000000001B0000-0x00000000002AA000-memory.dmp

Filesize
1000KB

Download
memory/1780-57-0x0000000000400000-0x0000000002728000-memory.dmp

Filesize
35.2MB

Download
memory/1780-58-0x0000000000400000-0x0000000002728000-memory.dmp

Filesize
35.2MB

Download
memory/1780-60-0x0000000000400000-0x0000000002728000-memory.dmp

Filesize
35.2MB

Download
memory/1780-62-0x0000000000400000-0x0000000002728000-memory.dmp

Filesize
35.2MB

Download
memory/1780-65-0x0000000000400000-0x0000000002728000-memory.dmp

Filesize
35.2MB

Download
memory/1780-66-0x0000000000400000-0x0000000002728000-memory.dmp

Filesize
35.2MB

Download
memory/1780-67-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1780-68-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download