98ec7e017f67a26b1101afde42e267d4522cc855f4259d32fc0af9b8b4252abf

Analysis

max time kernel
64s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
07/11/2022, 11:33

Target

98ec7e017f67a26b1101afde42e267d4522cc855f4259d32fc0af9b8b4252abf.exe
Size

137KB
MD5

0c39aa3c2e37cde45d00fda7fd8f82d4
SHA1

fce5155adea5d106d904d4a590bb64ece3c50392
SHA256

98ec7e017f67a26b1101afde42e267d4522cc855f4259d32fc0af9b8b4252abf
SHA512

b40b17ca65215b6e962a5b2be9ee62b2fedbdf1c77c57d792388b247dcd624996ae96d32af0a5726f6d755ed0e16b17f40b803b5fa704c0122b37988f27c787c
SSDEEP

3072:fjJfjHpjJQ7xS2ySxoMoKSUB8yAW8O3XWD/N:fpdjJQ7xSrSmMfB8BVx

Score

8^/10

upx

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3612-134-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/3612-138-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/3612-137-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/3612-140-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4808 wrote to memory of 3612	4808	98ec7e017f67a26b1101afde42e267d4522cc855f4259d32fc0af9b8b4252abf.exe	80
PID 4808 wrote to memory of 3612	4808	98ec7e017f67a26b1101afde42e267d4522cc855f4259d32fc0af9b8b4252abf.exe	80
PID 4808 wrote to memory of 3612	4808	98ec7e017f67a26b1101afde42e267d4522cc855f4259d32fc0af9b8b4252abf.exe	80

C:\Users\Admin\AppData\Local\Temp\98ec7e017f67a26b1101afde42e267d4522cc855f4259d32fc0af9b8b4252abf.exe
"C:\Users\Admin\AppData\Local\Temp\98ec7e017f67a26b1101afde42e267d4522cc855f4259d32fc0af9b8b4252abf.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4808
- C:\Users\Admin\AppData\Local\Temp\98ec7e017f67a26b1101afde42e267d4522cc855f4259d32fc0af9b8b4252abf.exe
  ?
  2⤵
  PID:3612

memory/3612-134-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/3612-138-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/3612-137-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/3612-139-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3612-140-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/4808-133-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download