89f0d29c9bf27046510824b9302b2a3d41dd1a7354d0e9db856124b1b3e9b3e4

Analysis

max time kernel
25s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02/12/2022, 20:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

89f0d29c9bf27046510824b9302b2a3d41dd1a7354d0e9db856124b1b3e9b3e4.exe
Size

357KB
MD5

ac04d918d524f74433c0a640c998e4ef
SHA1

eeb5553fdaea4e6dd79819c1c8d0072ba29703c9
SHA256

89f0d29c9bf27046510824b9302b2a3d41dd1a7354d0e9db856124b1b3e9b3e4
SHA512

5a41156642bc585dff3ed8f28043bb41e4ae1eeb7463dc707bb62497ea4255fa502b78654b95d76fad6e1ff535a977fc5b6ac5ccfc418e5cdd1f03a226180038
SSDEEP

3072:EfP4FGzopTIjywszepfklcg5AwAHIccmtBqG3jTeUJQ5l/Q4e0vI+0:EfP7GdzeVkjA/occEx3pil/b8+0

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1508-61-0x0000000000400000-0x0000000000446000-memory.dmp	upx

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 1508 set thread context of 384	1508	89f0d29c9bf27046510824b9302b2a3d41dd1a7354d0e9db856124b1b3e9b3e4.exe	27
PID 384 set thread context of 1364	384	89f0d29c9bf27046510824b9302b2a3d41dd1a7354d0e9db856124b1b3e9b3e4.exe	28

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1508	89f0d29c9bf27046510824b9302b2a3d41dd1a7354d0e9db856124b1b3e9b3e4.exe
384	89f0d29c9bf27046510824b9302b2a3d41dd1a7354d0e9db856124b1b3e9b3e4.exe

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 1508 wrote to memory of 384	1508	89f0d29c9bf27046510824b9302b2a3d41dd1a7354d0e9db856124b1b3e9b3e4.exe	27
PID 1508 wrote to memory of 384	1508	89f0d29c9bf27046510824b9302b2a3d41dd1a7354d0e9db856124b1b3e9b3e4.exe	27
PID 1508 wrote to memory of 384	1508	89f0d29c9bf27046510824b9302b2a3d41dd1a7354d0e9db856124b1b3e9b3e4.exe	27
PID 1508 wrote to memory of 384	1508	89f0d29c9bf27046510824b9302b2a3d41dd1a7354d0e9db856124b1b3e9b3e4.exe	27
PID 1508 wrote to memory of 384	1508	89f0d29c9bf27046510824b9302b2a3d41dd1a7354d0e9db856124b1b3e9b3e4.exe	27
PID 1508 wrote to memory of 384	1508	89f0d29c9bf27046510824b9302b2a3d41dd1a7354d0e9db856124b1b3e9b3e4.exe	27
PID 1508 wrote to memory of 384	1508	89f0d29c9bf27046510824b9302b2a3d41dd1a7354d0e9db856124b1b3e9b3e4.exe	27
PID 1508 wrote to memory of 384	1508	89f0d29c9bf27046510824b9302b2a3d41dd1a7354d0e9db856124b1b3e9b3e4.exe	27
PID 1508 wrote to memory of 384	1508	89f0d29c9bf27046510824b9302b2a3d41dd1a7354d0e9db856124b1b3e9b3e4.exe	27
PID 384 wrote to memory of 1364	384	89f0d29c9bf27046510824b9302b2a3d41dd1a7354d0e9db856124b1b3e9b3e4.exe	28
PID 384 wrote to memory of 1364	384	89f0d29c9bf27046510824b9302b2a3d41dd1a7354d0e9db856124b1b3e9b3e4.exe	28
PID 384 wrote to memory of 1364	384	89f0d29c9bf27046510824b9302b2a3d41dd1a7354d0e9db856124b1b3e9b3e4.exe	28
PID 384 wrote to memory of 1364	384	89f0d29c9bf27046510824b9302b2a3d41dd1a7354d0e9db856124b1b3e9b3e4.exe	28
PID 384 wrote to memory of 1364	384	89f0d29c9bf27046510824b9302b2a3d41dd1a7354d0e9db856124b1b3e9b3e4.exe	28
PID 384 wrote to memory of 1364	384	89f0d29c9bf27046510824b9302b2a3d41dd1a7354d0e9db856124b1b3e9b3e4.exe	28
PID 384 wrote to memory of 1364	384	89f0d29c9bf27046510824b9302b2a3d41dd1a7354d0e9db856124b1b3e9b3e4.exe	28
PID 384 wrote to memory of 1364	384	89f0d29c9bf27046510824b9302b2a3d41dd1a7354d0e9db856124b1b3e9b3e4.exe	28

C:\Users\Admin\AppData\Local\Temp\89f0d29c9bf27046510824b9302b2a3d41dd1a7354d0e9db856124b1b3e9b3e4.exe
"C:\Users\Admin\AppData\Local\Temp\89f0d29c9bf27046510824b9302b2a3d41dd1a7354d0e9db856124b1b3e9b3e4.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1508
- C:\Users\Admin\AppData\Local\Temp\89f0d29c9bf27046510824b9302b2a3d41dd1a7354d0e9db856124b1b3e9b3e4.exe
  C:\Users\Admin\AppData\Local\Temp\89f0d29c9bf27046510824b9302b2a3d41dd1a7354d0e9db856124b1b3e9b3e4.exe
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:384
- - C:\Users\Admin\AppData\Local\Temp\89f0d29c9bf27046510824b9302b2a3d41dd1a7354d0e9db856124b1b3e9b3e4.exe
    "C:\Users\Admin\AppData\Local\Temp\89f0d29c9bf27046510824b9302b2a3d41dd1a7354d0e9db856124b1b3e9b3e4.exe"
    3⤵
    PID:1364

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/384-69-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/384-62-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/384-56-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/1364-63-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1364-64-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1364-66-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1364-67-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1364-71-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/1364-72-0x0000000074C91000-0x0000000074C93000-memory.dmp

Filesize
8KB

Download
memory/1364-73-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1508-61-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download