963efbcd0b64a14ed1cd84b66bd087296a82a1cbfef23ca5cdd959a16f308029

Analysis

max time kernel
142s
max time network
181s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20/10/2022, 16:01

Target

963efbcd0b64a14ed1cd84b66bd087296a82a1cbfef23ca5cdd959a16f308029.exe
Size

72KB
MD5

a004e3c7904bdc18c7025eb0d570c9dd
SHA1

8dec1f165a7f561dcc6ae226d75e759c7eebe548
SHA256

963efbcd0b64a14ed1cd84b66bd087296a82a1cbfef23ca5cdd959a16f308029
SHA512

cbb41bca6c0784b332ca0993c5055ca49c23ab1fcc4956300816c0607a2cfd7c7ad691b32cedb6b6c7ff4950fc7ffcb423dae7b9a6b8f3c7b71de4157b98c3dd
SSDEEP

1536:dCCZLmNXTx8dOQLtl4lerpzPqNd1mE/Bk+cmrPD6QdpPamNNo7Jf:dCpNjxOOQLtyApSH19/vcOPDWmfo7B

Score

8^/10

upx

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1520-58-0x0000000000400000-0x0000000002728000-memory.dmp	upx
behavioral1/memory/1520-61-0x0000000000400000-0x0000000002728000-memory.dmp	upx
behavioral1/memory/1520-62-0x0000000000400000-0x0000000002728000-memory.dmp	upx
behavioral1/memory/1520-65-0x0000000000400000-0x0000000000409000-memory.dmp	upx
behavioral1/memory/1520-66-0x0000000000400000-0x0000000002728000-memory.dmp	upx
behavioral1/memory/1520-67-0x0000000000400000-0x0000000002728000-memory.dmp	upx
behavioral1/memory/1520-68-0x0000000000400000-0x0000000000409000-memory.dmp	upx

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1628 set thread context of 1520	1628	963efbcd0b64a14ed1cd84b66bd087296a82a1cbfef23ca5cdd959a16f308029.exe	27

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1628	963efbcd0b64a14ed1cd84b66bd087296a82a1cbfef23ca5cdd959a16f308029.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1628	963efbcd0b64a14ed1cd84b66bd087296a82a1cbfef23ca5cdd959a16f308029.exe
1628	963efbcd0b64a14ed1cd84b66bd087296a82a1cbfef23ca5cdd959a16f308029.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1628 wrote to memory of 1520	1628	963efbcd0b64a14ed1cd84b66bd087296a82a1cbfef23ca5cdd959a16f308029.exe	27
PID 1628 wrote to memory of 1520	1628	963efbcd0b64a14ed1cd84b66bd087296a82a1cbfef23ca5cdd959a16f308029.exe	27
PID 1628 wrote to memory of 1520	1628	963efbcd0b64a14ed1cd84b66bd087296a82a1cbfef23ca5cdd959a16f308029.exe	27
PID 1628 wrote to memory of 1520	1628	963efbcd0b64a14ed1cd84b66bd087296a82a1cbfef23ca5cdd959a16f308029.exe	27
PID 1628 wrote to memory of 1520	1628	963efbcd0b64a14ed1cd84b66bd087296a82a1cbfef23ca5cdd959a16f308029.exe	27
PID 1628 wrote to memory of 1520	1628	963efbcd0b64a14ed1cd84b66bd087296a82a1cbfef23ca5cdd959a16f308029.exe	27
PID 1628 wrote to memory of 1520	1628	963efbcd0b64a14ed1cd84b66bd087296a82a1cbfef23ca5cdd959a16f308029.exe	27
PID 1628 wrote to memory of 1520	1628	963efbcd0b64a14ed1cd84b66bd087296a82a1cbfef23ca5cdd959a16f308029.exe	27
PID 1628 wrote to memory of 1520	1628	963efbcd0b64a14ed1cd84b66bd087296a82a1cbfef23ca5cdd959a16f308029.exe	27

C:\Users\Admin\AppData\Local\Temp\963efbcd0b64a14ed1cd84b66bd087296a82a1cbfef23ca5cdd959a16f308029.exe
"C:\Users\Admin\AppData\Local\Temp\963efbcd0b64a14ed1cd84b66bd087296a82a1cbfef23ca5cdd959a16f308029.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1628
- C:\Users\Admin\AppData\Local\Temp\963efbcd0b64a14ed1cd84b66bd087296a82a1cbfef23ca5cdd959a16f308029.exe
  C:\Users\Admin\AppData\Local\Temp\963efbcd0b64a14ed1cd84b66bd087296a82a1cbfef23ca5cdd959a16f308029.exe
  2⤵
  PID:1520

memory/1520-55-0x00000000001B0000-0x00000000002AA000-memory.dmp

Filesize
1000KB

Download
memory/1520-57-0x0000000000400000-0x0000000002728000-memory.dmp

Filesize
35.2MB

Download
memory/1520-58-0x0000000000400000-0x0000000002728000-memory.dmp

Filesize
35.2MB

Download
memory/1520-61-0x0000000000400000-0x0000000002728000-memory.dmp

Filesize
35.2MB

Download
memory/1520-62-0x0000000000400000-0x0000000002728000-memory.dmp

Filesize
35.2MB

Download
memory/1520-65-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1520-66-0x0000000000400000-0x0000000002728000-memory.dmp

Filesize
35.2MB

Download
memory/1520-67-0x0000000000400000-0x0000000002728000-memory.dmp

Filesize
35.2MB

Download
memory/1520-68-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1628-54-0x0000000075ED1000-0x0000000075ED3000-memory.dmp

Filesize
8KB

Download
memory/1628-59-0x0000000000280000-0x0000000000284000-memory.dmp

Filesize
16KB

Download