60e8cc26e755b8c4d5efbc7d194b5825022eb16dbd5b82bbc445565d55473755

Analysis

max time kernel
38s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
16/10/2022, 19:24

Target

60e8cc26e755b8c4d5efbc7d194b5825022eb16dbd5b82bbc445565d55473755.exe
Size

310KB
MD5

f3ec21d33e9b38749c8d2f2ffea827dc
SHA1

690be4c79a17d935e4f0929b6ef92cae725c677c
SHA256

60e8cc26e755b8c4d5efbc7d194b5825022eb16dbd5b82bbc445565d55473755
SHA512

a2a42ed8c94655756fab5f57b6d0ff9e729122af630fce38675282e10ed04b13be9e94a1ea70f7991cd00d483fdbfde08ad678df293d0a69958c882d4ce468a9
SSDEEP

1536:ZEiBwAw/cGYQi1y2QNAx1FcLD12Qs7yGVd7U4OYnouy8XfEfFA+vOKBDZrLuO:HB9wUGYQN2XD6Ud5OQoutXfEC+vOsr

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/784-58-0x0000000000400000-0x00000000004A1000-memory.dmp	upx

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 784 wrote to memory of 2012	784	60e8cc26e755b8c4d5efbc7d194b5825022eb16dbd5b82bbc445565d55473755.exe	27
PID 784 wrote to memory of 2012	784	60e8cc26e755b8c4d5efbc7d194b5825022eb16dbd5b82bbc445565d55473755.exe	27
PID 784 wrote to memory of 2012	784	60e8cc26e755b8c4d5efbc7d194b5825022eb16dbd5b82bbc445565d55473755.exe	27
PID 784 wrote to memory of 2012	784	60e8cc26e755b8c4d5efbc7d194b5825022eb16dbd5b82bbc445565d55473755.exe	27

C:\Users\Admin\AppData\Local\Temp\60e8cc26e755b8c4d5efbc7d194b5825022eb16dbd5b82bbc445565d55473755.exe
"C:\Users\Admin\AppData\Local\Temp\60e8cc26e755b8c4d5efbc7d194b5825022eb16dbd5b82bbc445565d55473755.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:784
- C:\Windows\system32\cmd.exe
  "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\652A.tmp\652B.tmp\652C.bat C:\Users\Admin\AppData\Local\Temp\60e8cc26e755b8c4d5efbc7d194b5825022eb16dbd5b82bbc445565d55473755.exe"
  2⤵
  PID:2012

C:\Users\Admin\AppData\Local\Temp\652A.tmp\652B.tmp\652C.bat

Filesize
55B

MD5
01ad0c1b24720623c7945caf7480c060

SHA1
983cf259c79ff0d0af11ec682faac384658bebf4

SHA256
395c29ebbf246afb56f38d0c133188f1fbbca9380c30a152d36cd0dccfbffbe8

SHA512
5563352efc901e6f23961f32b995b240cf617ff7274a86e7ef001bce57f0f2350e6b3bd1981d6461393f79023809ff82aefff4dba4cc938bd26114bce4ca0dc2

Download Submit
memory/784-54-0x0000000075FC1000-0x0000000075FC3000-memory.dmp

Filesize
8KB

Download
memory/784-58-0x0000000000400000-0x00000000004A1000-memory.dmp

Filesize
644KB

Download
memory/2012-57-0x000007FEFB871000-0x000007FEFB873000-memory.dmp

Filesize
8KB

Download