2973dc8f213728f1c43d7a3f12b4ab79db28985976ff5f9322e114ac76a2f42d

Analysis

max time kernel
91s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
24/11/2022, 03:52

Target

xjtbxgq/文件图标修改器.exe
Size

45KB
MD5

a88a1b837bb49c2f668fd07fa50a7a51
SHA1

616588cd8d2b989b90103b8c88a0b60f3328bc3d
SHA256

ae717ad3285b6cfd222e5a9a4336f77d329f334cabc9d02560adfe1a22d72be4
SHA512

ab1c2711934523c792c4067b6fb06f4d8732c801fe60188d45a81d816ba5ad810de1773d5b085656cc32264f27b3f6d0b1edaaf50f7b0e05ee6cfb745ad06dfd
SSDEEP

768:oDtOSXRjNEbyyZgtC9hXrzc2rDRRlQstaZ/L/EtciSHf5MDLbrMto19:gXRjNPINrVf5QsYZD/EtKMHb4y

Score

8^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral4/memory/4284-132-0x0000000000400000-0x0000000000428000-memory.dmp	upx
behavioral4/memory/4284-136-0x0000000000400000-0x0000000000428000-memory.dmp	upx

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4284	文件图标修改器.exe
4284	文件图标修改器.exe

C:\Users\Admin\AppData\Local\Temp\xjtbxgq\文件图标修改器.exe
"C:\Users\Admin\AppData\Local\Temp\xjtbxgq\文件图标修改器.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4284

memory/4284-132-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/4284-136-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download