72d6452f791d67b7f03a212a39e3e8fdd079359f837a7be545b77ba0d469d701

Analysis

max time kernel
138s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2022, 01:51

Target

72d6452f791d67b7f03a212a39e3e8fdd079359f837a7be545b77ba0d469d701.exe
Size

140KB
MD5

57fc1c6ce209c40e80c1898e28df87bc
SHA1

fe0af836c01044ec0315cd486d6ed9a775976782
SHA256

72d6452f791d67b7f03a212a39e3e8fdd079359f837a7be545b77ba0d469d701
SHA512

9cdd42592b158574e62e065a044406c2a6eb30816ae9561e0db24e301132a2d03c3d8b209f318bfd60070ee4c070e48ba84d0b2356173d3f1a5fc54bd41ec30c
SSDEEP

3072:cAExbkbji/4RsUBBH9iyZ/iRgYKKJaVBaaqwbWyPShbAzYhfLxJhOUvwrhUN9P:zExSji/6XHP/z7VzquqlA8hND

Score

8^/10

upx

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/952-135-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/952-138-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/952-139-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/952-141-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/952-142-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2244 wrote to memory of 952	2244	72d6452f791d67b7f03a212a39e3e8fdd079359f837a7be545b77ba0d469d701.exe	79
PID 2244 wrote to memory of 952	2244	72d6452f791d67b7f03a212a39e3e8fdd079359f837a7be545b77ba0d469d701.exe	79
PID 2244 wrote to memory of 952	2244	72d6452f791d67b7f03a212a39e3e8fdd079359f837a7be545b77ba0d469d701.exe	79

C:\Users\Admin\AppData\Local\Temp\72d6452f791d67b7f03a212a39e3e8fdd079359f837a7be545b77ba0d469d701.exe
"C:\Users\Admin\AppData\Local\Temp\72d6452f791d67b7f03a212a39e3e8fdd079359f837a7be545b77ba0d469d701.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2244
- C:\Users\Admin\AppData\Local\Temp\72d6452f791d67b7f03a212a39e3e8fdd079359f837a7be545b77ba0d469d701.exe
  ?
  2⤵
  PID:952

memory/952-135-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/952-138-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/952-139-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/952-140-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/952-141-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/952-142-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/2244-134-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download