b87a2b0963a163122e33f9b1aca8be905646cd8f73995bc242731631aa20eee6

Analysis

max time kernel
180s
max time network
191s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
28/11/2022, 03:32

Target

b87a2b0963a163122e33f9b1aca8be905646cd8f73995bc242731631aa20eee6.exe
Size

81KB
MD5

44f5024e8d8c887fff982212753fef73
SHA1

fe98b998aeaa11597b1bf62ae779535ddaf4545d
SHA256

b87a2b0963a163122e33f9b1aca8be905646cd8f73995bc242731631aa20eee6
SHA512

76802437ca168ffaec9365e92cc1fdb29120e7402a1864eece6b03ff1cc7ffd7ab697dd36e405da9cddd07aad8253320ec9560519f784ab29cf072c4d8ad5267
SSDEEP

1536:Dd8XvWbmH5VO1VXHZorvjg904fGb9/gqM3f3gyHnDDCu76zvX4iggWOUIbqzecnb:Brbu43ZMg9004yHnDDzOzv3gPOTGeqb

Score

8^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4248-132-0x0000000000400000-0x000000000042F000-memory.dmp	upx
behavioral2/memory/4248-138-0x0000000000400000-0x000000000042F000-memory.dmp	upx

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4248 set thread context of 4980	4248	b87a2b0963a163122e33f9b1aca8be905646cd8f73995bc242731631aa20eee6.exe	80

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4980	b87a2b0963a163122e33f9b1aca8be905646cd8f73995bc242731631aa20eee6.exe
4980	b87a2b0963a163122e33f9b1aca8be905646cd8f73995bc242731631aa20eee6.exe
4980	b87a2b0963a163122e33f9b1aca8be905646cd8f73995bc242731631aa20eee6.exe
4980	b87a2b0963a163122e33f9b1aca8be905646cd8f73995bc242731631aa20eee6.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4248	b87a2b0963a163122e33f9b1aca8be905646cd8f73995bc242731631aa20eee6.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 4248 wrote to memory of 4980	4248	b87a2b0963a163122e33f9b1aca8be905646cd8f73995bc242731631aa20eee6.exe	80
PID 4248 wrote to memory of 4980	4248	b87a2b0963a163122e33f9b1aca8be905646cd8f73995bc242731631aa20eee6.exe	80
PID 4248 wrote to memory of 4980	4248	b87a2b0963a163122e33f9b1aca8be905646cd8f73995bc242731631aa20eee6.exe	80
PID 4248 wrote to memory of 4980	4248	b87a2b0963a163122e33f9b1aca8be905646cd8f73995bc242731631aa20eee6.exe	80
PID 4248 wrote to memory of 4980	4248	b87a2b0963a163122e33f9b1aca8be905646cd8f73995bc242731631aa20eee6.exe	80
PID 4248 wrote to memory of 4980	4248	b87a2b0963a163122e33f9b1aca8be905646cd8f73995bc242731631aa20eee6.exe	80
PID 4248 wrote to memory of 4980	4248	b87a2b0963a163122e33f9b1aca8be905646cd8f73995bc242731631aa20eee6.exe	80
PID 4980 wrote to memory of 700	4980	b87a2b0963a163122e33f9b1aca8be905646cd8f73995bc242731631aa20eee6.exe	54
PID 4980 wrote to memory of 700	4980	b87a2b0963a163122e33f9b1aca8be905646cd8f73995bc242731631aa20eee6.exe	54
PID 4980 wrote to memory of 700	4980	b87a2b0963a163122e33f9b1aca8be905646cd8f73995bc242731631aa20eee6.exe	54
PID 4980 wrote to memory of 700	4980	b87a2b0963a163122e33f9b1aca8be905646cd8f73995bc242731631aa20eee6.exe	54

memory/700-141-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download
memory/4248-132-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/4248-138-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/4980-136-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4980-139-0x0000000000400000-0x00000000004083A0-memory.dmp

Filesize
32KB

Download
memory/4980-140-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download
memory/4980-142-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download