8ae37618e5ffbdad05c454d9859c69930060b3c7cf61028325bc304d8dbbdcf4

Analysis

max time kernel
297s
max time network
363s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 11:15

Target

8ae37618e5ffbdad05c454d9859c69930060b3c7cf61028325bc304d8dbbdcf4.exe
Size

161KB
MD5

02851b6146102e1b4a7b87b6821e75b9
SHA1

7994fed021a259df3261c20a231dfdd0f3d3be73
SHA256

8ae37618e5ffbdad05c454d9859c69930060b3c7cf61028325bc304d8dbbdcf4
SHA512

1705076434de73912f65edb8f967dbc5279083df475f6da0b69eb6c59f830997a6bd458ac4ea4a79c485f0029cabb19cf9c3011c94ebec86bca7b160c6883f3e
SSDEEP

1536:M3Gnzr1vCt/EDT4y8uJdU/01n0Ucur3/Am1NcNW9zTJvFuyn16SS2oPlcQI:SklCuDTJZJB1n0Bur3/Am1xtAyA1IQ

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral2/memory/4592-132-0x0000000000400000-0x000000000043D000-memory.dmp	upx

Suspicious use of UnmapMainImage 1 IoCs

Processes:

8ae37618e5ffbdad05c454d9859c69930060b3c7cf61028325bc304d8dbbdcf4.exe

pid process

4592 8ae37618e5ffbdad05c454d9859c69930060b3c7cf61028325bc304d8dbbdcf4.exe

pid	process
4592	8ae37618e5ffbdad05c454d9859c69930060b3c7cf61028325bc304d8dbbdcf4.exe

Suspicious use of WriteProcessMemory 2 IoCs

Processes:

8ae37618e5ffbdad05c454d9859c69930060b3c7cf61028325bc304d8dbbdcf4.exe

description	pid	process	target process
PID 4592 wrote to memory of 2600	4592	8ae37618e5ffbdad05c454d9859c69930060b3c7cf61028325bc304d8dbbdcf4.exe	Explorer.EXE
PID 4592 wrote to memory of 2600	4592	8ae37618e5ffbdad05c454d9859c69930060b3c7cf61028325bc304d8dbbdcf4.exe	Explorer.EXE

memory/4592-132-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/4592-134-0x00000000001D0000-0x00000000001EA000-memory.dmp

Filesize
104KB

Download
memory/4592-133-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download