0fc8fa372a0c69db35861a32a92d7c0403571c236efa13e2389d6db63ef43701

Analysis

max time kernel
142s
max time network
149s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
07/11/2022, 05:54

Target

0fc8fa372a0c69db35861a32a92d7c0403571c236efa13e2389d6db63ef43701.exe
Size

65KB
MD5

0a532e4e681d34e1683fd45bdd2cba1f
SHA1

9fae7679891d852607f77134e5e90a97cfd63749
SHA256

0fc8fa372a0c69db35861a32a92d7c0403571c236efa13e2389d6db63ef43701
SHA512

0ab9983fcb344940a43c52636d54be5ca86db6b087b42f1f7f1d46aa0de783af85161e67c380d895e485f5757c608956195141258779cc7c4f4aca376ea9cc62
SSDEEP

1536:/bNNYzQbJ6ic1Iyvd/qkz9cNFZe++TgXO:TjYzQMX2ydHmg35

Score

8^/10

upx

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1488-59-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral1/memory/1056-58-0x0000000000400000-0x0000000002728000-memory.dmp	upx
behavioral1/memory/1056-63-0x0000000000400000-0x0000000002728000-memory.dmp	upx
behavioral1/memory/1056-64-0x0000000000400000-0x0000000002728000-memory.dmp	upx
behavioral1/memory/1056-67-0x0000000000400000-0x0000000002728000-memory.dmp	upx
behavioral1/memory/1056-69-0x0000000000400000-0x0000000000409000-memory.dmp	upx
behavioral1/memory/1056-68-0x0000000000400000-0x0000000002728000-memory.dmp	upx
behavioral1/memory/1056-70-0x0000000000400000-0x0000000000409000-memory.dmp	upx

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1488 set thread context of 1056	1488	0fc8fa372a0c69db35861a32a92d7c0403571c236efa13e2389d6db63ef43701.exe	26

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1488	0fc8fa372a0c69db35861a32a92d7c0403571c236efa13e2389d6db63ef43701.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1488	0fc8fa372a0c69db35861a32a92d7c0403571c236efa13e2389d6db63ef43701.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1488 wrote to memory of 1056	1488	0fc8fa372a0c69db35861a32a92d7c0403571c236efa13e2389d6db63ef43701.exe	26
PID 1488 wrote to memory of 1056	1488	0fc8fa372a0c69db35861a32a92d7c0403571c236efa13e2389d6db63ef43701.exe	26
PID 1488 wrote to memory of 1056	1488	0fc8fa372a0c69db35861a32a92d7c0403571c236efa13e2389d6db63ef43701.exe	26
PID 1488 wrote to memory of 1056	1488	0fc8fa372a0c69db35861a32a92d7c0403571c236efa13e2389d6db63ef43701.exe	26
PID 1488 wrote to memory of 1056	1488	0fc8fa372a0c69db35861a32a92d7c0403571c236efa13e2389d6db63ef43701.exe	26
PID 1488 wrote to memory of 1056	1488	0fc8fa372a0c69db35861a32a92d7c0403571c236efa13e2389d6db63ef43701.exe	26
PID 1488 wrote to memory of 1056	1488	0fc8fa372a0c69db35861a32a92d7c0403571c236efa13e2389d6db63ef43701.exe	26
PID 1488 wrote to memory of 1056	1488	0fc8fa372a0c69db35861a32a92d7c0403571c236efa13e2389d6db63ef43701.exe	26
PID 1488 wrote to memory of 1056	1488	0fc8fa372a0c69db35861a32a92d7c0403571c236efa13e2389d6db63ef43701.exe	26

C:\Users\Admin\AppData\Local\Temp\0fc8fa372a0c69db35861a32a92d7c0403571c236efa13e2389d6db63ef43701.exe
"C:\Users\Admin\AppData\Local\Temp\0fc8fa372a0c69db35861a32a92d7c0403571c236efa13e2389d6db63ef43701.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1488
- C:\Users\Admin\AppData\Local\Temp\0fc8fa372a0c69db35861a32a92d7c0403571c236efa13e2389d6db63ef43701.exe
  C:\Users\Admin\AppData\Local\Temp\0fc8fa372a0c69db35861a32a92d7c0403571c236efa13e2389d6db63ef43701.exe
  2⤵
  PID:1056

memory/1056-67-0x0000000000400000-0x0000000002728000-memory.dmp

Filesize
35.2MB

Download
memory/1056-55-0x00000000001B0000-0x00000000002AA000-memory.dmp

Filesize
1000KB

Download
memory/1056-57-0x0000000000400000-0x0000000002728000-memory.dmp

Filesize
35.2MB

Download
memory/1056-70-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1056-68-0x0000000000400000-0x0000000002728000-memory.dmp

Filesize
35.2MB

Download
memory/1056-58-0x0000000000400000-0x0000000002728000-memory.dmp

Filesize
35.2MB

Download
memory/1056-69-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1056-63-0x0000000000400000-0x0000000002728000-memory.dmp

Filesize
35.2MB

Download
memory/1056-64-0x0000000000400000-0x0000000002728000-memory.dmp

Filesize
35.2MB

Download
memory/1488-59-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/1488-61-0x00000000002D0000-0x00000000002D4000-memory.dmp

Filesize
16KB

Download
memory/1488-60-0x00000000002C0000-0x00000000002D0000-memory.dmp

Filesize
64KB

Download
memory/1488-54-0x0000000076681000-0x0000000076683000-memory.dmp

Filesize
8KB

Download