13da551972698b87c72be38a2eb9646c11c4a1df325b669d9e76f792cae7b14d

Analysis

max time kernel
43s
max time network
47s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
27-11-2022 11:32

Target

看海弹窗广告杀手/看海升级.exe
Size

426KB
MD5

978f94f2062bcc75aec36db111540229
SHA1

854bb514140c568154d50c7b5afa1dd8d547e1ca
SHA256

5aa1697d38c71ce248245d22b686bba18c8135c6ed313edc337d1e0de977b600
SHA512

d51a74a1e79ab6c95e30abe189d02129bf0f9948528d92fc8cd11b4aa4411fca3f5f0613829266b629103fb05c754af28746cfe2e96be5853b08f078037f30b5
SSDEEP

6144:tU2BTcDW03iBcVeb10X5fTdKShH8k+XUk0sSO2dsJEH+RWrpRrr7n/j7y:a2B7bmxdN8kGjhxJU3pRrrTbu

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1672-59-0x0000000000400000-0x0000000000517000-memory.dmp	upx

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1672	看海升级.exe
1672	看海升级.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1672	看海升级.exe

memory/1672-54-0x0000000010000000-0x0000000010028000-memory.dmp

Filesize
160KB

Download
memory/1672-58-0x0000000075111000-0x0000000075113000-memory.dmp

Filesize
8KB

Download
memory/1672-59-0x0000000000400000-0x0000000000517000-memory.dmp

Filesize
1.1MB

Download