a7e4a7449d5cecc1dfca15f6f44d73df68ec86546765681b9ee015f2aac1cdcb

Analysis

max time kernel
140s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2022, 18:04

Target

a7e4a7449d5cecc1dfca15f6f44d73df68ec86546765681b9ee015f2aac1cdcb.exe
Size

168KB
MD5

7698104fc3d4dce60b21528fd6c6859a
SHA1

95bf4f747ece82c016ddb081b38badd828d0bd23
SHA256

a7e4a7449d5cecc1dfca15f6f44d73df68ec86546765681b9ee015f2aac1cdcb
SHA512

8ab2e7d9135ef13e77adf679ba21abb47e894daba36587820cb028a8018a3a6edc67a58616b5b041fd29c159bbca6d56f5441de287a18866bd81561e62090e2b
SSDEEP

3072:TwwcwLBQQIIEyFmc8BZniEC+kL62L+1KWqt7tR5OTNL5TE1ZDUI/GWRo2rXfZM:cj44IEyFBInpCV62ayxr5ORdTE1dUI+z

Score

8^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4192-132-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/4192-133-0x0000000000400000-0x0000000000466000-memory.dmp	upx

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4192	a7e4a7449d5cecc1dfca15f6f44d73df68ec86546765681b9ee015f2aac1cdcb.exe
4192	a7e4a7449d5cecc1dfca15f6f44d73df68ec86546765681b9ee015f2aac1cdcb.exe

C:\Users\Admin\AppData\Local\Temp\a7e4a7449d5cecc1dfca15f6f44d73df68ec86546765681b9ee015f2aac1cdcb.exe
"C:\Users\Admin\AppData\Local\Temp\a7e4a7449d5cecc1dfca15f6f44d73df68ec86546765681b9ee015f2aac1cdcb.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4192

memory/4192-132-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/4192-133-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download