a9395c54d0c9c3af2eef544ffd38a5522f1fc8fa4f2fa4b0f18e350621f1d298

Analysis

max time kernel
42s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
02/12/2022, 18:16

Target

a9395c54d0c9c3af2eef544ffd38a5522f1fc8fa4f2fa4b0f18e350621f1d298.exe
Size

221KB
MD5

9b72cbf7c19a78646d4b47d0ea44a6c7
SHA1

3814159a25ac9287bec4627853ed8af3bb181b59
SHA256

a9395c54d0c9c3af2eef544ffd38a5522f1fc8fa4f2fa4b0f18e350621f1d298
SHA512

5b002b01488ea481c60ad2719290f00dcc6bba610633b861d09b96443b64b81a078585aaf89320aa073dfef5bedaa9761899c55b4de556d7d0779fce94d85601
SSDEEP

6144:hevVcmiFN/hiWfxPf2Ddx1E83pcqZYZuuGUVrBNg:IvGmuNpiWfx0E83pRKGUVr7g

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1224-55-0x0000000000400000-0x0000000000453000-memory.dmp	upx

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1224 set thread context of 1452	1224	a9395c54d0c9c3af2eef544ffd38a5522f1fc8fa4f2fa4b0f18e350621f1d298.exe	28

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1224 wrote to memory of 1452	1224	a9395c54d0c9c3af2eef544ffd38a5522f1fc8fa4f2fa4b0f18e350621f1d298.exe	28
PID 1224 wrote to memory of 1452	1224	a9395c54d0c9c3af2eef544ffd38a5522f1fc8fa4f2fa4b0f18e350621f1d298.exe	28
PID 1224 wrote to memory of 1452	1224	a9395c54d0c9c3af2eef544ffd38a5522f1fc8fa4f2fa4b0f18e350621f1d298.exe	28
PID 1224 wrote to memory of 1452	1224	a9395c54d0c9c3af2eef544ffd38a5522f1fc8fa4f2fa4b0f18e350621f1d298.exe	28
PID 1224 wrote to memory of 1452	1224	a9395c54d0c9c3af2eef544ffd38a5522f1fc8fa4f2fa4b0f18e350621f1d298.exe	28
PID 1224 wrote to memory of 1452	1224	a9395c54d0c9c3af2eef544ffd38a5522f1fc8fa4f2fa4b0f18e350621f1d298.exe	28
PID 1224 wrote to memory of 1452	1224	a9395c54d0c9c3af2eef544ffd38a5522f1fc8fa4f2fa4b0f18e350621f1d298.exe	28
PID 1224 wrote to memory of 1452	1224	a9395c54d0c9c3af2eef544ffd38a5522f1fc8fa4f2fa4b0f18e350621f1d298.exe	28
PID 1224 wrote to memory of 1452	1224	a9395c54d0c9c3af2eef544ffd38a5522f1fc8fa4f2fa4b0f18e350621f1d298.exe	28

C:\Users\Admin\AppData\Local\Temp\a9395c54d0c9c3af2eef544ffd38a5522f1fc8fa4f2fa4b0f18e350621f1d298.exe
"C:\Users\Admin\AppData\Local\Temp\a9395c54d0c9c3af2eef544ffd38a5522f1fc8fa4f2fa4b0f18e350621f1d298.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1224
- C:\Users\Admin\AppData\Local\Temp\a9395c54d0c9c3af2eef544ffd38a5522f1fc8fa4f2fa4b0f18e350621f1d298.exe
  "C:\Users\Admin\AppData\Local\Temp\a9395c54d0c9c3af2eef544ffd38a5522f1fc8fa4f2fa4b0f18e350621f1d298.exe"
  2⤵
  PID:1452

memory/1224-54-0x0000000075291000-0x0000000075293000-memory.dmp

Filesize
8KB

Download
memory/1224-55-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/1452-56-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/1452-57-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/1452-59-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/1452-60-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/1452-62-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/1452-66-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download