b8bfb55d1c230d6795e47e811699a52f7b39c6d745c6741fae194ad4d2145cac

Analysis

max time kernel
143s
max time network
156s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19/10/2022, 16:53

Target

b8bfb55d1c230d6795e47e811699a52f7b39c6d745c6741fae194ad4d2145cac.exe
Size

65KB
MD5

a23206b6e7f65d189313b1acafd5ba5d
SHA1

107bdc33f2e3dc3fd88f9ffddd04be44173a6409
SHA256

b8bfb55d1c230d6795e47e811699a52f7b39c6d745c6741fae194ad4d2145cac
SHA512

34bbc78a09aa7744ac7ed2adc89f1472f52657796fba982844bd30f4d0aa4ac44dad0ee29cbe177474f54950b57067442c962e855b3b52726dfc9db039d5614f
SSDEEP

1536:oTWNKzcCRTmiO5HDfOWp4pK4Hs97Fk2k7zg:skKzcMK7fOWypFHIG2kng

Score

8^/10

upx

UPX packed file 9 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1264-58-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral1/memory/2016-62-0x0000000000400000-0x0000000002728000-memory.dmp	upx
behavioral1/memory/2016-64-0x0000000000400000-0x0000000002728000-memory.dmp	upx
behavioral1/memory/2016-65-0x0000000000400000-0x0000000002728000-memory.dmp	upx
behavioral1/memory/2016-69-0x0000000000400000-0x0000000000409000-memory.dmp	upx
behavioral1/memory/2016-68-0x0000000000400000-0x0000000002728000-memory.dmp	upx
behavioral1/memory/2016-70-0x0000000000400000-0x0000000002728000-memory.dmp	upx
behavioral1/memory/2016-71-0x0000000000400000-0x0000000000409000-memory.dmp	upx
behavioral1/memory/2016-72-0x0000000000400000-0x0000000000409000-memory.dmp	upx

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1264 set thread context of 2016	1264	b8bfb55d1c230d6795e47e811699a52f7b39c6d745c6741fae194ad4d2145cac.exe	28

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1264	b8bfb55d1c230d6795e47e811699a52f7b39c6d745c6741fae194ad4d2145cac.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1264	b8bfb55d1c230d6795e47e811699a52f7b39c6d745c6741fae194ad4d2145cac.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1264 wrote to memory of 2016	1264	b8bfb55d1c230d6795e47e811699a52f7b39c6d745c6741fae194ad4d2145cac.exe	28
PID 1264 wrote to memory of 2016	1264	b8bfb55d1c230d6795e47e811699a52f7b39c6d745c6741fae194ad4d2145cac.exe	28
PID 1264 wrote to memory of 2016	1264	b8bfb55d1c230d6795e47e811699a52f7b39c6d745c6741fae194ad4d2145cac.exe	28
PID 1264 wrote to memory of 2016	1264	b8bfb55d1c230d6795e47e811699a52f7b39c6d745c6741fae194ad4d2145cac.exe	28
PID 1264 wrote to memory of 2016	1264	b8bfb55d1c230d6795e47e811699a52f7b39c6d745c6741fae194ad4d2145cac.exe	28
PID 1264 wrote to memory of 2016	1264	b8bfb55d1c230d6795e47e811699a52f7b39c6d745c6741fae194ad4d2145cac.exe	28
PID 1264 wrote to memory of 2016	1264	b8bfb55d1c230d6795e47e811699a52f7b39c6d745c6741fae194ad4d2145cac.exe	28
PID 1264 wrote to memory of 2016	1264	b8bfb55d1c230d6795e47e811699a52f7b39c6d745c6741fae194ad4d2145cac.exe	28
PID 1264 wrote to memory of 2016	1264	b8bfb55d1c230d6795e47e811699a52f7b39c6d745c6741fae194ad4d2145cac.exe	28

C:\Users\Admin\AppData\Local\Temp\b8bfb55d1c230d6795e47e811699a52f7b39c6d745c6741fae194ad4d2145cac.exe
"C:\Users\Admin\AppData\Local\Temp\b8bfb55d1c230d6795e47e811699a52f7b39c6d745c6741fae194ad4d2145cac.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1264
- C:\Users\Admin\AppData\Local\Temp\b8bfb55d1c230d6795e47e811699a52f7b39c6d745c6741fae194ad4d2145cac.exe
  C:\Users\Admin\AppData\Local\Temp\b8bfb55d1c230d6795e47e811699a52f7b39c6d745c6741fae194ad4d2145cac.exe
  2⤵
  PID:2016

memory/1264-61-0x00000000003A0000-0x00000000003B0000-memory.dmp

Filesize
64KB

Download
memory/1264-54-0x0000000076711000-0x0000000076713000-memory.dmp

Filesize
8KB

Download
memory/1264-58-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/1264-59-0x0000000000240000-0x0000000000250000-memory.dmp

Filesize
64KB

Download
memory/1264-60-0x0000000000360000-0x0000000000364000-memory.dmp

Filesize
16KB

Download
memory/2016-64-0x0000000000400000-0x0000000002728000-memory.dmp

Filesize
35.2MB

Download
memory/2016-57-0x0000000000400000-0x0000000002728000-memory.dmp

Filesize
35.2MB

Download
memory/2016-62-0x0000000000400000-0x0000000002728000-memory.dmp

Filesize
35.2MB

Download
memory/2016-55-0x00000000001B0000-0x00000000002AA000-memory.dmp

Filesize
1000KB

Download
memory/2016-65-0x0000000000400000-0x0000000002728000-memory.dmp

Filesize
35.2MB

Download
memory/2016-69-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2016-68-0x0000000000400000-0x0000000002728000-memory.dmp

Filesize
35.2MB

Download
memory/2016-70-0x0000000000400000-0x0000000002728000-memory.dmp

Filesize
35.2MB

Download
memory/2016-71-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2016-72-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download