78254bf93270a2f1827e6805160f9a7b297e03d74986de75e7a363d359900ac9

Analysis

max time kernel
144s
max time network
160s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
27/11/2022, 09:10

Target

78254bf93270a2f1827e6805160f9a7b297e03d74986de75e7a363d359900ac9.exe
Size

73KB
MD5

b76839542df80b82569af8dc3df95733
SHA1

fbf344ac97927f0bf32b593d7930507250b0f37f
SHA256

78254bf93270a2f1827e6805160f9a7b297e03d74986de75e7a363d359900ac9
SHA512

3e868f3a3bfeac40828cf823632ecb12b3f0578e8b28de84c98dc04fd2ac55d06eabb92d0fae9822392ed6a4e04081a1a1c5f98c5bd36acd7526afbc4a25f50f
SSDEEP

768:3cpz1ipRcHSi7NWfZFfaLXO169C5VvHZwm11avpXl50gpSe1hjtcLwt4P1:MHsO7c/iLe164FHZA/50g7h5qL1

Score

8^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1976-55-0x0000000000400000-0x0000000000417000-memory.dmp	upx
behavioral1/memory/1976-56-0x0000000000400000-0x0000000000417000-memory.dmp	upx

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
1976	78254bf93270a2f1827e6805160f9a7b297e03d74986de75e7a363d359900ac9.exe

C:\Users\Admin\AppData\Local\Temp\78254bf93270a2f1827e6805160f9a7b297e03d74986de75e7a363d359900ac9.exe
"C:\Users\Admin\AppData\Local\Temp\78254bf93270a2f1827e6805160f9a7b297e03d74986de75e7a363d359900ac9.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:1976

memory/1976-54-0x00000000762B1000-0x00000000762B3000-memory.dmp

Filesize
8KB

Download
memory/1976-55-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1976-56-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download