f3c42c28d3931b12be72a924fbab22017f59d2744c7f53c39a079c034eb7f0d5

Analysis

max time kernel
42s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/11/2022, 05:26

Target

HEUR-Trojan-Ransom.Win32.exe
Size

277KB
MD5

26fa913a18e039bef6170ac39ca9488d
SHA1

287a66c50b7927e05a235b6b76cc7e50ced4efc6
SHA256

f3c42c28d3931b12be72a924fbab22017f59d2744c7f53c39a079c034eb7f0d5
SHA512

97b7f84825f9f6ddec5519809ed929a50e35afd930c5d360b9b39b9069ebf8660f53e36543caf6849d6a016f690341604812591f60c8aacd5ec62e0be1114f2a
SSDEEP

6144:PKNlZbHsIrosc51Muk6tsxSwFhi2qNHef:ub5ros76tkSUhi2qQf

Score

8^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1788-54-0x0000000000400000-0x000000000046F000-memory.dmp	upx
behavioral1/memory/1788-65-0x0000000000400000-0x000000000046F000-memory.dmp	upx

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1788 set thread context of 304	1788	HEUR-Trojan-Ransom.Win32.exe	27

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1788 wrote to memory of 304	1788	HEUR-Trojan-Ransom.Win32.exe	27
PID 1788 wrote to memory of 304	1788	HEUR-Trojan-Ransom.Win32.exe	27
PID 1788 wrote to memory of 304	1788	HEUR-Trojan-Ransom.Win32.exe	27
PID 1788 wrote to memory of 304	1788	HEUR-Trojan-Ransom.Win32.exe	27
PID 1788 wrote to memory of 304	1788	HEUR-Trojan-Ransom.Win32.exe	27
PID 1788 wrote to memory of 304	1788	HEUR-Trojan-Ransom.Win32.exe	27
PID 1788 wrote to memory of 304	1788	HEUR-Trojan-Ransom.Win32.exe	27
PID 1788 wrote to memory of 304	1788	HEUR-Trojan-Ransom.Win32.exe	27
PID 1788 wrote to memory of 304	1788	HEUR-Trojan-Ransom.Win32.exe	27

C:\Users\Admin\AppData\Local\Temp\HEUR-Trojan-Ransom.Win32.exe
"C:\Users\Admin\AppData\Local\Temp\HEUR-Trojan-Ransom.Win32.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1788
- C:\Users\Admin\AppData\Local\Temp\HEUR-Trojan-Ransom.Win32.exe
  C:\Users\Admin\AppData\Local\Temp\HEUR-Trojan-Ransom.Win32.exe
  2⤵
  PID:304

memory/304-56-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/304-57-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/304-59-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/304-60-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/304-62-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/304-67-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/1788-54-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download
memory/1788-55-0x0000000076201000-0x0000000076203000-memory.dmp

Filesize
8KB

Download
memory/1788-65-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download