9d55f3ac03fab39bc5fb6664b9479031359dbd77c7a4536743dd766fad60f12d

Analysis

max time kernel
148s
max time network
195s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
25/11/2022, 10:03

Target

9d55f3ac03fab39bc5fb6664b9479031359dbd77c7a4536743dd766fad60f12d.exe
Size

925KB
MD5

8e9aa9a53d2c02925a25bb7c5a08fbb1
SHA1

f94ae6fe8f14542892f39229b5ef89d797b9f995
SHA256

9d55f3ac03fab39bc5fb6664b9479031359dbd77c7a4536743dd766fad60f12d
SHA512

6f2f906e20ce436f0bd96beed6052e0bcc1d8c2677dc0d3bfa50d9d850013e44e0393e0502a506b1c9d86fe5487a1a21fca16a4aec2d35adfe7abad680b1ace5
SSDEEP

12288:Qmf8PzkvaBHmLV8P22zx+kdJ00Bvuyymhcx1UG6HyNrSjqOuPn6mc2RREYJaR:LSkv/VCWkdJ0OpGmyNtjPn68REYs

Score

8^/10

upx

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4872-133-0x0000000000400000-0x00000000004E9000-memory.dmp	upx
behavioral2/memory/4872-135-0x0000000000400000-0x00000000004E9000-memory.dmp	upx
behavioral2/memory/4872-136-0x0000000000400000-0x00000000004E9000-memory.dmp	upx
behavioral2/memory/4872-137-0x0000000000400000-0x00000000004E9000-memory.dmp	upx
behavioral2/memory/4872-138-0x0000000000400000-0x00000000004E9000-memory.dmp	upx
behavioral2/memory/4872-139-0x0000000000400000-0x00000000004E9000-memory.dmp	upx

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4908 set thread context of 4872	4908	9d55f3ac03fab39bc5fb6664b9479031359dbd77c7a4536743dd766fad60f12d.exe	79

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
4872	9d55f3ac03fab39bc5fb6664b9479031359dbd77c7a4536743dd766fad60f12d.exe
4872	9d55f3ac03fab39bc5fb6664b9479031359dbd77c7a4536743dd766fad60f12d.exe
4872	9d55f3ac03fab39bc5fb6664b9479031359dbd77c7a4536743dd766fad60f12d.exe
4872	9d55f3ac03fab39bc5fb6664b9479031359dbd77c7a4536743dd766fad60f12d.exe
4872	9d55f3ac03fab39bc5fb6664b9479031359dbd77c7a4536743dd766fad60f12d.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 4908 wrote to memory of 4872	4908	9d55f3ac03fab39bc5fb6664b9479031359dbd77c7a4536743dd766fad60f12d.exe	79
PID 4908 wrote to memory of 4872	4908	9d55f3ac03fab39bc5fb6664b9479031359dbd77c7a4536743dd766fad60f12d.exe	79
PID 4908 wrote to memory of 4872	4908	9d55f3ac03fab39bc5fb6664b9479031359dbd77c7a4536743dd766fad60f12d.exe	79
PID 4908 wrote to memory of 4872	4908	9d55f3ac03fab39bc5fb6664b9479031359dbd77c7a4536743dd766fad60f12d.exe	79
PID 4908 wrote to memory of 4872	4908	9d55f3ac03fab39bc5fb6664b9479031359dbd77c7a4536743dd766fad60f12d.exe	79
PID 4908 wrote to memory of 4872	4908	9d55f3ac03fab39bc5fb6664b9479031359dbd77c7a4536743dd766fad60f12d.exe	79
PID 4908 wrote to memory of 4872	4908	9d55f3ac03fab39bc5fb6664b9479031359dbd77c7a4536743dd766fad60f12d.exe	79
PID 4908 wrote to memory of 4872	4908	9d55f3ac03fab39bc5fb6664b9479031359dbd77c7a4536743dd766fad60f12d.exe	79

C:\Users\Admin\AppData\Local\Temp\9d55f3ac03fab39bc5fb6664b9479031359dbd77c7a4536743dd766fad60f12d.exe
"C:\Users\Admin\AppData\Local\Temp\9d55f3ac03fab39bc5fb6664b9479031359dbd77c7a4536743dd766fad60f12d.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4908
- C:\Users\Admin\AppData\Local\Temp\9d55f3ac03fab39bc5fb6664b9479031359dbd77c7a4536743dd766fad60f12d.exe
  "C:\Users\Admin\AppData\Local\Temp\9d55f3ac03fab39bc5fb6664b9479031359dbd77c7a4536743dd766fad60f12d.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:4872

memory/4872-133-0x0000000000400000-0x00000000004E9000-memory.dmp

Filesize
932KB

Download
memory/4872-135-0x0000000000400000-0x00000000004E9000-memory.dmp

Filesize
932KB

Download
memory/4872-136-0x0000000000400000-0x00000000004E9000-memory.dmp

Filesize
932KB

Download
memory/4872-137-0x0000000000400000-0x00000000004E9000-memory.dmp

Filesize
932KB

Download
memory/4872-138-0x0000000000400000-0x00000000004E9000-memory.dmp

Filesize
932KB

Download
memory/4872-139-0x0000000000400000-0x00000000004E9000-memory.dmp

Filesize
932KB

Download