5befe578b72cf86a9d31b526b958c22162900237fce4ff1b4e7f8ab9e45d811a

Analysis

max time kernel
21s
max time network
57s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
30/10/2022, 06:53 UTC

Target

5befe578b72cf86a9d31b526b958c22162900237fce4ff1b4e7f8ab9e45d811a.exe
Size

132KB
MD5

84167100fdfc15170b6495cff50ebeba
SHA1

ae7ab1a4f3384ca7a50ae1ca2ce8dc325bc8599a
SHA256

5befe578b72cf86a9d31b526b958c22162900237fce4ff1b4e7f8ab9e45d811a
SHA512

0da0431e661f409ce3e8c96aa7d22ab1cb9df35fc99c71eafb4167d67b1ef4e2d10b401d8ccb22beb0ab4d3b5c0afa9b160c643e76ca38a51223bec0ccbe4c38
SSDEEP

3072:wLea5hAyAV9dzpcY6Enkt7VgQF7p10r4X07lLt+NNwCZVykD86NJFD:wLea5hAyStcYxnkt2QppmUXYt+NNDZVZ

Score

8^/10

upx

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1644-57-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/1644-61-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/1644-60-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/1644-63-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1376 wrote to memory of 1644	1376	5befe578b72cf86a9d31b526b958c22162900237fce4ff1b4e7f8ab9e45d811a.exe	28
PID 1376 wrote to memory of 1644	1376	5befe578b72cf86a9d31b526b958c22162900237fce4ff1b4e7f8ab9e45d811a.exe	28
PID 1376 wrote to memory of 1644	1376	5befe578b72cf86a9d31b526b958c22162900237fce4ff1b4e7f8ab9e45d811a.exe	28
PID 1376 wrote to memory of 1644	1376	5befe578b72cf86a9d31b526b958c22162900237fce4ff1b4e7f8ab9e45d811a.exe	28

C:\Users\Admin\AppData\Local\Temp\5befe578b72cf86a9d31b526b958c22162900237fce4ff1b4e7f8ab9e45d811a.exe
"C:\Users\Admin\AppData\Local\Temp\5befe578b72cf86a9d31b526b958c22162900237fce4ff1b4e7f8ab9e45d811a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1376
- C:\Users\Admin\AppData\Local\Temp\5befe578b72cf86a9d31b526b958c22162900237fce4ff1b4e7f8ab9e45d811a.exe
  ?
  2⤵
  PID:1644

No results found

memory/1376-55-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1644-56-0x0000000075921000-0x0000000075923000-memory.dmp

Filesize
8KB

Download
memory/1644-57-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1644-61-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1644-60-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1644-62-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1644-63-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download