e5ff56ad63ae675e026e094a76ad7cfd4bd11cc398735d481751f8afc24ccec1

Analysis

max time kernel
41s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
05-12-2022 23:52

Target

e5ff56ad63ae675e026e094a76ad7cfd4bd11cc398735d481751f8afc24ccec1.exe
Size

706KB
MD5

b0236df8a5c8bb60f2bddf3acb3fc918
SHA1

64ee5213c0fb56e351c3a4991f88e46632adfa6e
SHA256

e5ff56ad63ae675e026e094a76ad7cfd4bd11cc398735d481751f8afc24ccec1
SHA512

4a28e43fe021cb836259858ae2df923037ab4d036e69db3397a52b3507169f95c4ebb0a1143ff48554dfdf03d9ef1b891ebf093e4244ac294a37e4e675bedd5c
SSDEEP

12288:yik2y3fRx3m73Cbfccr2J6iKwnU1aurh9cpCpC8bCWI+cCs/Q4bBcQSvSMiyYU:NkhfR5y3Sccr2J6gn039cpC7xITKvFYU

Score

8^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/688-54-0x0000000000400000-0x00000000004B8000-memory.dmp	upx
behavioral1/memory/688-58-0x0000000000400000-0x00000000004B8000-memory.dmp	upx

Loads dropped DLL 1 IoCs

pid	Process
688	e5ff56ad63ae675e026e094a76ad7cfd4bd11cc398735d481751f8afc24ccec1.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\fitooooo.dll	e5ff56ad63ae675e026e094a76ad7cfd4bd11cc398735d481751f8afc24ccec1.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
688	e5ff56ad63ae675e026e094a76ad7cfd4bd11cc398735d481751f8afc24ccec1.exe

\Windows\SysWOW64\fitooooo.dll

Filesize
1.3MB

MD5
e45494ddae9b7eae720082b305795a94

SHA1
85ad31313d33b357254fcd180116e12b1e26cd85

SHA256
86ccc12f870ba1a75dba78014fc9eafc5de669852ca503587d02070484cb56c0

SHA512
1946c6ae3eacc3ccac3e868692bc222559961187b4bed1112e56dc61f5202e8f54a9b4d22a2d8fcd4cc0ddbb9cbe6eb030f14589bc7f2286f973611276f46901

Download Submit
memory/688-54-0x0000000000400000-0x00000000004B8000-memory.dmp

Filesize
736KB

Download
memory/688-58-0x0000000000400000-0x00000000004B8000-memory.dmp

Filesize
736KB

Download