72d6452f791d67b7f03a212a39e3e8fdd079359f837a7be545b77ba0d469d701

Analysis

max time kernel
43s
max time network
49s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04/10/2022, 01:51

Target

72d6452f791d67b7f03a212a39e3e8fdd079359f837a7be545b77ba0d469d701.exe
Size

140KB
MD5

57fc1c6ce209c40e80c1898e28df87bc
SHA1

fe0af836c01044ec0315cd486d6ed9a775976782
SHA256

72d6452f791d67b7f03a212a39e3e8fdd079359f837a7be545b77ba0d469d701
SHA512

9cdd42592b158574e62e065a044406c2a6eb30816ae9561e0db24e301132a2d03c3d8b209f318bfd60070ee4c070e48ba84d0b2356173d3f1a5fc54bd41ec30c
SSDEEP

3072:cAExbkbji/4RsUBBH9iyZ/iRgYKKJaVBaaqwbWyPShbAzYhfLxJhOUvwrhUN9P:zExSji/6XHP/z7VzquqlA8hND

Score

8^/10

upx

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1788-58-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/1788-62-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/1788-61-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/1788-64-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 584 wrote to memory of 1788	584	72d6452f791d67b7f03a212a39e3e8fdd079359f837a7be545b77ba0d469d701.exe	28
PID 584 wrote to memory of 1788	584	72d6452f791d67b7f03a212a39e3e8fdd079359f837a7be545b77ba0d469d701.exe	28
PID 584 wrote to memory of 1788	584	72d6452f791d67b7f03a212a39e3e8fdd079359f837a7be545b77ba0d469d701.exe	28
PID 584 wrote to memory of 1788	584	72d6452f791d67b7f03a212a39e3e8fdd079359f837a7be545b77ba0d469d701.exe	28

C:\Users\Admin\AppData\Local\Temp\72d6452f791d67b7f03a212a39e3e8fdd079359f837a7be545b77ba0d469d701.exe
"C:\Users\Admin\AppData\Local\Temp\72d6452f791d67b7f03a212a39e3e8fdd079359f837a7be545b77ba0d469d701.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:584
- C:\Users\Admin\AppData\Local\Temp\72d6452f791d67b7f03a212a39e3e8fdd079359f837a7be545b77ba0d469d701.exe
  ?
  2⤵
  PID:1788

memory/584-54-0x0000000075B11000-0x0000000075B13000-memory.dmp

Filesize
8KB

Download
memory/584-56-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/1788-58-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1788-62-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1788-61-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1788-63-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/1788-64-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download