bc59bacdee2f08fbf8bdce8657f3d1f3f1bf0f9a355b31902e444f3b97bb3321

Analysis

max time kernel
354s
max time network
461s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 22:34

Target

bc59bacdee2f08fbf8bdce8657f3d1f3f1bf0f9a355b31902e444f3b97bb3321.exe
Size

54KB
MD5

c1a3bc1d1413640b09f48ff3825534c7
SHA1

8844eeb26a6eaf3405464bc2ed3133fa56214e96
SHA256

bc59bacdee2f08fbf8bdce8657f3d1f3f1bf0f9a355b31902e444f3b97bb3321
SHA512

04f54676749b84cf78a7b28ab1abeeb75d658d68ed22869783bc626eeb711161aff997c2dd413997b34f4195bff784e46f3561c6454d37c3fde2a76f4f19ea72
SSDEEP

1536:c4mHXRhTn8hMUfidHZ85lcH9LTxUkNy2fk3ictPXnmsm:c4ABmMUIHW5lcFTikIgcRP3Fm

Score

8^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3052-132-0x0000000000400000-0x0000000000419000-memory.dmp	upx
behavioral2/memory/3052-138-0x0000000000400000-0x0000000000419000-memory.dmp	upx

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3052 set thread context of 3992	3052	bc59bacdee2f08fbf8bdce8657f3d1f3f1bf0f9a355b31902e444f3b97bb3321.exe	81

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3992	bc59bacdee2f08fbf8bdce8657f3d1f3f1bf0f9a355b31902e444f3b97bb3321.exe
3992	bc59bacdee2f08fbf8bdce8657f3d1f3f1bf0f9a355b31902e444f3b97bb3321.exe
3992	bc59bacdee2f08fbf8bdce8657f3d1f3f1bf0f9a355b31902e444f3b97bb3321.exe
3992	bc59bacdee2f08fbf8bdce8657f3d1f3f1bf0f9a355b31902e444f3b97bb3321.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3052	bc59bacdee2f08fbf8bdce8657f3d1f3f1bf0f9a355b31902e444f3b97bb3321.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 3052 wrote to memory of 3992	3052	bc59bacdee2f08fbf8bdce8657f3d1f3f1bf0f9a355b31902e444f3b97bb3321.exe	81
PID 3052 wrote to memory of 3992	3052	bc59bacdee2f08fbf8bdce8657f3d1f3f1bf0f9a355b31902e444f3b97bb3321.exe	81
PID 3052 wrote to memory of 3992	3052	bc59bacdee2f08fbf8bdce8657f3d1f3f1bf0f9a355b31902e444f3b97bb3321.exe	81
PID 3052 wrote to memory of 3992	3052	bc59bacdee2f08fbf8bdce8657f3d1f3f1bf0f9a355b31902e444f3b97bb3321.exe	81
PID 3052 wrote to memory of 3992	3052	bc59bacdee2f08fbf8bdce8657f3d1f3f1bf0f9a355b31902e444f3b97bb3321.exe	81
PID 3052 wrote to memory of 3992	3052	bc59bacdee2f08fbf8bdce8657f3d1f3f1bf0f9a355b31902e444f3b97bb3321.exe	81
PID 3052 wrote to memory of 3992	3052	bc59bacdee2f08fbf8bdce8657f3d1f3f1bf0f9a355b31902e444f3b97bb3321.exe	81
PID 3992 wrote to memory of 2164	3992	bc59bacdee2f08fbf8bdce8657f3d1f3f1bf0f9a355b31902e444f3b97bb3321.exe	68
PID 3992 wrote to memory of 2164	3992	bc59bacdee2f08fbf8bdce8657f3d1f3f1bf0f9a355b31902e444f3b97bb3321.exe	68
PID 3992 wrote to memory of 2164	3992	bc59bacdee2f08fbf8bdce8657f3d1f3f1bf0f9a355b31902e444f3b97bb3321.exe	68
PID 3992 wrote to memory of 2164	3992	bc59bacdee2f08fbf8bdce8657f3d1f3f1bf0f9a355b31902e444f3b97bb3321.exe	68

memory/2164-141-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download
memory/3052-132-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/3052-138-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/3992-136-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3992-139-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3992-140-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3992-142-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download