b21e1f9b59c893d80782a0d2570db2292144a47722ac03c7c4113bed6426e584

Analysis

max time kernel
142s
max time network
182s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
30-11-2022 16:44

Target

b21e1f9b59c893d80782a0d2570db2292144a47722ac03c7c4113bed6426e584.exe
Size

1.1MB
MD5

ab739127f72512d0f631484fbe80bacd
SHA1

8447441d6d85015630e74851eaae4ecca274c33c
SHA256

b21e1f9b59c893d80782a0d2570db2292144a47722ac03c7c4113bed6426e584
SHA512

d161ae4fe0adb2cf285fc0337bdf76d00dd7045701f488cc4a36d0727ca2c0a479ae56b38a452f392c2af6fdedbe11aa5228d293e783ca3f87fee260c3fc6f94
SSDEEP

12288:XLx2KpmgXvsBBElYrUql5UWHFJuUJ095c0yjhjOuJ1r55pA:XLxQgXvs/EqrUqoIJuUGXA155+

Score

8^/10

dave

Dave packer 1 IoCs

Detects executable using a packer named 'Dave' by the community, based on a string at the end.

Processes:

resource	yara_rule
behavioral1/memory/1968-67-0x0000000000520000-0x000000000056E000-memory.dmp	dave

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

b21e1f9b59c893d80782a0d2570db2292144a47722ac03c7c4113bed6426e584.exe

pid	process
1968	b21e1f9b59c893d80782a0d2570db2292144a47722ac03c7c4113bed6426e584.exe
1968	b21e1f9b59c893d80782a0d2570db2292144a47722ac03c7c4113bed6426e584.exe

C:\Users\Admin\AppData\Local\Temp\b21e1f9b59c893d80782a0d2570db2292144a47722ac03c7c4113bed6426e584.exe
"C:\Users\Admin\AppData\Local\Temp\b21e1f9b59c893d80782a0d2570db2292144a47722ac03c7c4113bed6426e584.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1968

memory/1968-54-0x00000000756B1000-0x00000000756B3000-memory.dmp

Filesize
8KB

Download
memory/1968-55-0x0000000000570000-0x00000000005C1000-memory.dmp

Filesize
324KB

Download
memory/1968-59-0x0000000010000000-0x000000001004F000-memory.dmp

Filesize
316KB

Download
memory/1968-62-0x0000000001E00000-0x0000000001E4E000-memory.dmp

Filesize
312KB

Download
memory/1968-67-0x0000000000520000-0x000000000056E000-memory.dmp

Filesize
312KB

Download