a1cff1024689d19f77d2e2aef825c31bb4032af0f3fb36573d2de4de978040da

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 17:32

Target

a1cff1024689d19f77d2e2aef825c31bb4032af0f3fb36573d2de4de978040da.exe
Size

70KB
MD5

4423e833004b65910023661284c6b7b9
SHA1

9f29fba3044018345d5b3f708a2da865df008454
SHA256

a1cff1024689d19f77d2e2aef825c31bb4032af0f3fb36573d2de4de978040da
SHA512

da4c586dcb265ca8ed2613698939bea8dae3f30f569df07c348ddbae9c19be51779044dcb6da6fafff11427881c00f845094ee2465a4a4f45b1e99322f29ab21
SSDEEP

1536:n7JDKotkQ0B+nXbXNJc0M0FTqfFO2HZRjUGyl5AjY+yWq2+KZU9:7Vtx0B+nXbXNC0M/HrElEOWq2a9

Score

8^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4772-134-0x0000000000400000-0x000000000044D000-memory.dmp	upx
behavioral2/memory/4772-138-0x0000000000400000-0x000000000044D000-memory.dmp	upx

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4772 set thread context of 3376	4772	a1cff1024689d19f77d2e2aef825c31bb4032af0f3fb36573d2de4de978040da.exe	81

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4772	a1cff1024689d19f77d2e2aef825c31bb4032af0f3fb36573d2de4de978040da.exe
3376	a1cff1024689d19f77d2e2aef825c31bb4032af0f3fb36573d2de4de978040da.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 4772 wrote to memory of 3376	4772	a1cff1024689d19f77d2e2aef825c31bb4032af0f3fb36573d2de4de978040da.exe	81
PID 4772 wrote to memory of 3376	4772	a1cff1024689d19f77d2e2aef825c31bb4032af0f3fb36573d2de4de978040da.exe	81
PID 4772 wrote to memory of 3376	4772	a1cff1024689d19f77d2e2aef825c31bb4032af0f3fb36573d2de4de978040da.exe	81
PID 4772 wrote to memory of 3376	4772	a1cff1024689d19f77d2e2aef825c31bb4032af0f3fb36573d2de4de978040da.exe	81
PID 4772 wrote to memory of 3376	4772	a1cff1024689d19f77d2e2aef825c31bb4032af0f3fb36573d2de4de978040da.exe	81
PID 4772 wrote to memory of 3376	4772	a1cff1024689d19f77d2e2aef825c31bb4032af0f3fb36573d2de4de978040da.exe	81
PID 4772 wrote to memory of 3376	4772	a1cff1024689d19f77d2e2aef825c31bb4032af0f3fb36573d2de4de978040da.exe	81
PID 4772 wrote to memory of 3376	4772	a1cff1024689d19f77d2e2aef825c31bb4032af0f3fb36573d2de4de978040da.exe	81

C:\Users\Admin\AppData\Local\Temp\a1cff1024689d19f77d2e2aef825c31bb4032af0f3fb36573d2de4de978040da.exe
"C:\Users\Admin\AppData\Local\Temp\a1cff1024689d19f77d2e2aef825c31bb4032af0f3fb36573d2de4de978040da.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4772
- C:\Users\Admin\AppData\Local\Temp\a1cff1024689d19f77d2e2aef825c31bb4032af0f3fb36573d2de4de978040da.exe
  C:\Users\Admin\AppData\Local\Temp\a1cff1024689d19f77d2e2aef825c31bb4032af0f3fb36573d2de4de978040da.exe
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3376

memory/3376-136-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/3376-141-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/3376-142-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/4772-134-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download
memory/4772-138-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download