20bf864dcfc072bec5a8d5738370e5ddabf7bae195ff5cae5106a97217566084

Analysis

max time kernel
91s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 11:16

Target

20bf864dcfc072bec5a8d5738370e5ddabf7bae195ff5cae5106a97217566084.exe
Size

230KB
MD5

a172425af993f2f0ec7a1fda9726c965
SHA1

a9375e576e222e3ff7ac0a6b812b4a98092e87a3
SHA256

20bf864dcfc072bec5a8d5738370e5ddabf7bae195ff5cae5106a97217566084
SHA512

a86e3b49d751712068256d929551bf9a2c6ba68f5747321cb2f7ca2b7442e42aa79f9fffef5ef2876b982bf2847fa43a4e26310a8beaec2dab40116776bb2a4c
SSDEEP

6144:6mOMZb76zAuvjlj97E3FuJLr3zvXTj3/3ErQj3NhOB+ZNXAZW31R20vkBUtVUJqu:6mOMZb76zAuvjlj97E3FuJLr3zvXTj34

Score

8^/10

upx

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1760-135-0x0000000000400000-0x00000000004A6000-memory.dmp	upx
behavioral2/memory/1760-136-0x0000000000400000-0x00000000004A6000-memory.dmp	upx
behavioral2/memory/1760-137-0x0000000000400000-0x00000000004A6000-memory.dmp	upx
behavioral2/memory/1760-138-0x0000000000400000-0x00000000004A6000-memory.dmp	upx
behavioral2/memory/1760-141-0x0000000000400000-0x00000000004A6000-memory.dmp	upx
behavioral2/memory/1760-142-0x0000000000400000-0x00000000004A6000-memory.dmp	upx

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2128 set thread context of 1760	2128	20bf864dcfc072bec5a8d5738370e5ddabf7bae195ff5cae5106a97217566084.exe	81

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2128	20bf864dcfc072bec5a8d5738370e5ddabf7bae195ff5cae5106a97217566084.exe
1760	20bf864dcfc072bec5a8d5738370e5ddabf7bae195ff5cae5106a97217566084.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2128 wrote to memory of 1760	2128	20bf864dcfc072bec5a8d5738370e5ddabf7bae195ff5cae5106a97217566084.exe	81
PID 2128 wrote to memory of 1760	2128	20bf864dcfc072bec5a8d5738370e5ddabf7bae195ff5cae5106a97217566084.exe	81
PID 2128 wrote to memory of 1760	2128	20bf864dcfc072bec5a8d5738370e5ddabf7bae195ff5cae5106a97217566084.exe	81
PID 2128 wrote to memory of 1760	2128	20bf864dcfc072bec5a8d5738370e5ddabf7bae195ff5cae5106a97217566084.exe	81
PID 2128 wrote to memory of 1760	2128	20bf864dcfc072bec5a8d5738370e5ddabf7bae195ff5cae5106a97217566084.exe	81
PID 2128 wrote to memory of 1760	2128	20bf864dcfc072bec5a8d5738370e5ddabf7bae195ff5cae5106a97217566084.exe	81
PID 2128 wrote to memory of 1760	2128	20bf864dcfc072bec5a8d5738370e5ddabf7bae195ff5cae5106a97217566084.exe	81
PID 2128 wrote to memory of 1760	2128	20bf864dcfc072bec5a8d5738370e5ddabf7bae195ff5cae5106a97217566084.exe	81

C:\Users\Admin\AppData\Local\Temp\20bf864dcfc072bec5a8d5738370e5ddabf7bae195ff5cae5106a97217566084.exe
"C:\Users\Admin\AppData\Local\Temp\20bf864dcfc072bec5a8d5738370e5ddabf7bae195ff5cae5106a97217566084.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2128
- C:\Users\Admin\AppData\Local\Temp\20bf864dcfc072bec5a8d5738370e5ddabf7bae195ff5cae5106a97217566084.exe
  C:\Users\Admin\AppData\Local\Temp\20bf864dcfc072bec5a8d5738370e5ddabf7bae195ff5cae5106a97217566084.exe
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1760

memory/1760-135-0x0000000000400000-0x00000000004A6000-memory.dmp

Filesize
664KB

Download
memory/1760-136-0x0000000000400000-0x00000000004A6000-memory.dmp

Filesize
664KB

Download
memory/1760-137-0x0000000000400000-0x00000000004A6000-memory.dmp

Filesize
664KB

Download
memory/1760-138-0x0000000000400000-0x00000000004A6000-memory.dmp

Filesize
664KB

Download
memory/1760-141-0x0000000000400000-0x00000000004A6000-memory.dmp

Filesize
664KB

Download
memory/1760-142-0x0000000000400000-0x00000000004A6000-memory.dmp

Filesize
664KB

Download