aa50601fb7f0ade8ccde50547421ac7876ebf61d46fda5c03dcd8ae3bfdb886b

Analysis

max time kernel
149s
max time network
167s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
28/10/2022, 17:59

Target

aa50601fb7f0ade8ccde50547421ac7876ebf61d46fda5c03dcd8ae3bfdb886b.exe
Size

165KB
MD5

0b7cf10a9e713cc134257923a9b48dbe
SHA1

35ac5f7f7a3b279ff8df823d8c4646fe887a2e09
SHA256

aa50601fb7f0ade8ccde50547421ac7876ebf61d46fda5c03dcd8ae3bfdb886b
SHA512

3d217d8904c38645a416390344165ce260f41bfd0b4f0c86e553add54070cfc0e543e8cdbb1772d218f411af2d62b1a4549207f3994d0d0aac5284dae09e24ac
SSDEEP

1536:tCFjZHdOUPPiCWZz+i8Duyc92nJamTfLn0RJp6/uzPbAuR8J:wFpwUniCWMid92nJamTb0Emj8

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/548-132-0x0000000000400000-0x000000000043E000-memory.dmp	upx

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
548	aa50601fb7f0ade8ccde50547421ac7876ebf61d46fda5c03dcd8ae3bfdb886b.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 548 wrote to memory of 1272	548	aa50601fb7f0ade8ccde50547421ac7876ebf61d46fda5c03dcd8ae3bfdb886b.exe	20
PID 548 wrote to memory of 1272	548	aa50601fb7f0ade8ccde50547421ac7876ebf61d46fda5c03dcd8ae3bfdb886b.exe	20

memory/548-132-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/548-133-0x0000000000030000-0x0000000000040000-memory.dmp

Filesize
64KB

Download
memory/548-134-0x00000000001D0000-0x00000000001EA000-memory.dmp

Filesize
104KB

Download
memory/548-135-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download