bc59bacdee2f08fbf8bdce8657f3d1f3f1bf0f9a355b31902e444f3b97bb3321

Analysis

max time kernel
38s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02/12/2022, 22:34

Target

bc59bacdee2f08fbf8bdce8657f3d1f3f1bf0f9a355b31902e444f3b97bb3321.exe
Size

54KB
MD5

c1a3bc1d1413640b09f48ff3825534c7
SHA1

8844eeb26a6eaf3405464bc2ed3133fa56214e96
SHA256

bc59bacdee2f08fbf8bdce8657f3d1f3f1bf0f9a355b31902e444f3b97bb3321
SHA512

04f54676749b84cf78a7b28ab1abeeb75d658d68ed22869783bc626eeb711161aff997c2dd413997b34f4195bff784e46f3561c6454d37c3fde2a76f4f19ea72
SSDEEP

1536:c4mHXRhTn8hMUfidHZ85lcH9LTxUkNy2fk3ictPXnmsm:c4ABmMUIHW5lcFTikIgcRP3Fm

Score

8^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1672-55-0x0000000000400000-0x0000000000419000-memory.dmp	upx
behavioral1/memory/1672-64-0x0000000000400000-0x0000000000419000-memory.dmp	upx

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1672 set thread context of 1896	1672	bc59bacdee2f08fbf8bdce8657f3d1f3f1bf0f9a355b31902e444f3b97bb3321.exe	27

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1896	bc59bacdee2f08fbf8bdce8657f3d1f3f1bf0f9a355b31902e444f3b97bb3321.exe
1896	bc59bacdee2f08fbf8bdce8657f3d1f3f1bf0f9a355b31902e444f3b97bb3321.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1672	bc59bacdee2f08fbf8bdce8657f3d1f3f1bf0f9a355b31902e444f3b97bb3321.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1672 wrote to memory of 1896	1672	bc59bacdee2f08fbf8bdce8657f3d1f3f1bf0f9a355b31902e444f3b97bb3321.exe	27
PID 1672 wrote to memory of 1896	1672	bc59bacdee2f08fbf8bdce8657f3d1f3f1bf0f9a355b31902e444f3b97bb3321.exe	27
PID 1672 wrote to memory of 1896	1672	bc59bacdee2f08fbf8bdce8657f3d1f3f1bf0f9a355b31902e444f3b97bb3321.exe	27
PID 1672 wrote to memory of 1896	1672	bc59bacdee2f08fbf8bdce8657f3d1f3f1bf0f9a355b31902e444f3b97bb3321.exe	27
PID 1672 wrote to memory of 1896	1672	bc59bacdee2f08fbf8bdce8657f3d1f3f1bf0f9a355b31902e444f3b97bb3321.exe	27
PID 1672 wrote to memory of 1896	1672	bc59bacdee2f08fbf8bdce8657f3d1f3f1bf0f9a355b31902e444f3b97bb3321.exe	27
PID 1672 wrote to memory of 1896	1672	bc59bacdee2f08fbf8bdce8657f3d1f3f1bf0f9a355b31902e444f3b97bb3321.exe	27
PID 1672 wrote to memory of 1896	1672	bc59bacdee2f08fbf8bdce8657f3d1f3f1bf0f9a355b31902e444f3b97bb3321.exe	27
PID 1896 wrote to memory of 1408	1896	bc59bacdee2f08fbf8bdce8657f3d1f3f1bf0f9a355b31902e444f3b97bb3321.exe	15
PID 1896 wrote to memory of 1408	1896	bc59bacdee2f08fbf8bdce8657f3d1f3f1bf0f9a355b31902e444f3b97bb3321.exe	15
PID 1896 wrote to memory of 1408	1896	bc59bacdee2f08fbf8bdce8657f3d1f3f1bf0f9a355b31902e444f3b97bb3321.exe	15
PID 1896 wrote to memory of 1408	1896	bc59bacdee2f08fbf8bdce8657f3d1f3f1bf0f9a355b31902e444f3b97bb3321.exe	15

memory/1408-67-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download
memory/1672-55-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/1672-64-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/1896-57-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1896-58-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1896-60-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1896-61-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1896-65-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1896-66-0x0000000075841000-0x0000000075843000-memory.dmp

Filesize
8KB

Download
memory/1896-70-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1896-71-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download