5e38d749268261e5c41a9a225ff0e6c68279a7d2cf47e6c05c0f406c0ddf230c

Analysis

max time kernel
91s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
25-11-2022 12:43

Target

5e38d749268261e5c41a9a225ff0e6c68279a7d2cf47e6c05c0f406c0ddf230c.exe
Size

925KB
MD5

37fa1769fbd0996d400b2a14b898b88b
SHA1

9b93c9fb4f224bf7399f6906c6cecf7f9a5246c3
SHA256

5e38d749268261e5c41a9a225ff0e6c68279a7d2cf47e6c05c0f406c0ddf230c
SHA512

74095afa82e7a6169f7acb09cb9981e9893eca5e0c1a5e9e2d0371584a7dcf5cabe3dd1b7bc4d782a9a2a52d561cf8c3144ae51b782bff3c3e6e4dc23d5e5606
SSDEEP

12288:gmf8PzkvaBHmLV8P22zx+kdJ00Bvuyymhcx1UG6HyNrSjqOuPn6mc2RREYJaR:7Skv/VCWkdJ0OpGmyNtjPn68REYs

Score

8^/10

upx

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral2/memory/4760-133-0x0000000000400000-0x00000000004E9000-memory.dmp	upx
behavioral2/memory/4760-135-0x0000000000400000-0x00000000004E9000-memory.dmp	upx
behavioral2/memory/4760-136-0x0000000000400000-0x00000000004E9000-memory.dmp	upx
behavioral2/memory/4760-137-0x0000000000400000-0x00000000004E9000-memory.dmp	upx
behavioral2/memory/4760-138-0x0000000000400000-0x00000000004E9000-memory.dmp	upx

Suspicious use of SetThreadContext 1 IoCs

Processes:

5e38d749268261e5c41a9a225ff0e6c68279a7d2cf47e6c05c0f406c0ddf230c.exe

description	pid	process	target process
PID 3488 set thread context of 4760	3488	5e38d749268261e5c41a9a225ff0e6c68279a7d2cf47e6c05c0f406c0ddf230c.exe	5e38d749268261e5c41a9a225ff0e6c68279a7d2cf47e6c05c0f406c0ddf230c.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

5e38d749268261e5c41a9a225ff0e6c68279a7d2cf47e6c05c0f406c0ddf230c.exe

pid	process
4760	5e38d749268261e5c41a9a225ff0e6c68279a7d2cf47e6c05c0f406c0ddf230c.exe
4760	5e38d749268261e5c41a9a225ff0e6c68279a7d2cf47e6c05c0f406c0ddf230c.exe
4760	5e38d749268261e5c41a9a225ff0e6c68279a7d2cf47e6c05c0f406c0ddf230c.exe
4760	5e38d749268261e5c41a9a225ff0e6c68279a7d2cf47e6c05c0f406c0ddf230c.exe
4760	5e38d749268261e5c41a9a225ff0e6c68279a7d2cf47e6c05c0f406c0ddf230c.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

5e38d749268261e5c41a9a225ff0e6c68279a7d2cf47e6c05c0f406c0ddf230c.exe

description	pid	process	target process
PID 3488 wrote to memory of 4760	3488	5e38d749268261e5c41a9a225ff0e6c68279a7d2cf47e6c05c0f406c0ddf230c.exe	5e38d749268261e5c41a9a225ff0e6c68279a7d2cf47e6c05c0f406c0ddf230c.exe
PID 3488 wrote to memory of 4760	3488	5e38d749268261e5c41a9a225ff0e6c68279a7d2cf47e6c05c0f406c0ddf230c.exe	5e38d749268261e5c41a9a225ff0e6c68279a7d2cf47e6c05c0f406c0ddf230c.exe
PID 3488 wrote to memory of 4760	3488	5e38d749268261e5c41a9a225ff0e6c68279a7d2cf47e6c05c0f406c0ddf230c.exe	5e38d749268261e5c41a9a225ff0e6c68279a7d2cf47e6c05c0f406c0ddf230c.exe
PID 3488 wrote to memory of 4760	3488	5e38d749268261e5c41a9a225ff0e6c68279a7d2cf47e6c05c0f406c0ddf230c.exe	5e38d749268261e5c41a9a225ff0e6c68279a7d2cf47e6c05c0f406c0ddf230c.exe
PID 3488 wrote to memory of 4760	3488	5e38d749268261e5c41a9a225ff0e6c68279a7d2cf47e6c05c0f406c0ddf230c.exe	5e38d749268261e5c41a9a225ff0e6c68279a7d2cf47e6c05c0f406c0ddf230c.exe
PID 3488 wrote to memory of 4760	3488	5e38d749268261e5c41a9a225ff0e6c68279a7d2cf47e6c05c0f406c0ddf230c.exe	5e38d749268261e5c41a9a225ff0e6c68279a7d2cf47e6c05c0f406c0ddf230c.exe
PID 3488 wrote to memory of 4760	3488	5e38d749268261e5c41a9a225ff0e6c68279a7d2cf47e6c05c0f406c0ddf230c.exe	5e38d749268261e5c41a9a225ff0e6c68279a7d2cf47e6c05c0f406c0ddf230c.exe
PID 3488 wrote to memory of 4760	3488	5e38d749268261e5c41a9a225ff0e6c68279a7d2cf47e6c05c0f406c0ddf230c.exe	5e38d749268261e5c41a9a225ff0e6c68279a7d2cf47e6c05c0f406c0ddf230c.exe

C:\Users\Admin\AppData\Local\Temp\5e38d749268261e5c41a9a225ff0e6c68279a7d2cf47e6c05c0f406c0ddf230c.exe
"C:\Users\Admin\AppData\Local\Temp\5e38d749268261e5c41a9a225ff0e6c68279a7d2cf47e6c05c0f406c0ddf230c.exe"
2⤵
- Suspicious use of SetWindowsHookEx
PID:4760

memory/4760-132-0x0000000000000000-mapping.dmp

Download
memory/4760-133-0x0000000000400000-0x00000000004E9000-memory.dmp

Filesize
932KB

Download
memory/4760-135-0x0000000000400000-0x00000000004E9000-memory.dmp

Filesize
932KB

Download
memory/4760-136-0x0000000000400000-0x00000000004E9000-memory.dmp

Filesize
932KB

Download
memory/4760-137-0x0000000000400000-0x00000000004E9000-memory.dmp

Filesize
932KB

Download
memory/4760-138-0x0000000000400000-0x00000000004E9000-memory.dmp

Filesize
932KB

Download