bb20998f4d2e6fc4021a37658017e59486d825d603fa5d82bcb9035dc3e8ddd3

Analysis

max time kernel
81s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
26-10-2022 15:07

Target

一键修复系统更新造成的打印机无法共享2022.10.25/一键修复系统更新造成的��.exe
Size

3.3MB
MD5

73293d047a60f1138ebbe4569e2fdcb1
SHA1

ef809254f0dcedc310ab4b551fc6040f17c25b79
SHA256

4f412f2e09ec374a451bfd498ecad35148d08bc8882e7a4f31a1e4f5a825cda5
SHA512

31603fbbf3b018f01b416ae07c07236adec0cbf1e1a74a14c5a14c0464745ee0b2afaa2e178ed69a04bc94b513cbfa189ba3bbbc148ebc11a24328ff9248c495
SSDEEP

98304:JTu5HMvw5LCe9YqjQ2kvV3zwjCeB0RbAZwNt2:0Mvxeq4Q2kvV38jCt8mL

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1576-55-0x00000000009E0000-0x00000000010C0000-memory.dmp	upx

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/memory/1576-55-0x00000000009E0000-0x00000000010C0000-memory.dmp	autoit_exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1576	一键修复系统更新造成的��.exe

C:\Users\Admin\AppData\Local\Temp\一键修复系统更新造成的打印机无法共享2022.10.25\一键修复系统更新造成的��.exe
"C:\Users\Admin\AppData\Local\Temp\一键修复系统更新造成的打印机无法共享2022.10.25\一键修复系统更新造成的��.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:1576

memory/1576-54-0x0000000075B11000-0x0000000075B13000-memory.dmp

Filesize
8KB

Download
memory/1576-55-0x00000000009E0000-0x00000000010C0000-memory.dmp

Filesize
6.9MB

Download