18f4310247ec46b4d115da078c18c3881d98c057b842b55d806bb6a0d835da13

Analysis

max time kernel
36s
max time network
108s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05-12-2022 15:44

Target

18f4310247ec46b4d115da078c18c3881d98c057b842b55d806bb6a0d835da13.exe
Size

693KB
MD5

7380f346863ba9c367cc292bdbe1fed0
SHA1

24e1b89c64dbc6ecb279cc1f6d979fcccb507e3f
SHA256

18f4310247ec46b4d115da078c18c3881d98c057b842b55d806bb6a0d835da13
SHA512

7b4e3a0bd64073efa42e9641c53414e5c601f8a4b174ab8c451ba3f8185be57f610ff02439833214e5848fb78b1c759682357da77063bb826e1a5fb759c8ebe4
SSDEEP

12288:MeW2ra/szjCeKJo12cyilXmiaEedfoMPM5dPfSF7x7XfFAYlzfoS:MuraszOe112PiYiaEedf3MjHAK2

Score

8^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1612-54-0x0000000000400000-0x00000000004ED000-memory.dmp	upx
behavioral1/memory/1612-68-0x0000000000400000-0x00000000004ED000-memory.dmp	upx

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1612 set thread context of 1620	1612	18f4310247ec46b4d115da078c18c3881d98c057b842b55d806bb6a0d835da13.exe	26

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 1612 wrote to memory of 1620	1612	18f4310247ec46b4d115da078c18c3881d98c057b842b55d806bb6a0d835da13.exe	26
PID 1612 wrote to memory of 1620	1612	18f4310247ec46b4d115da078c18c3881d98c057b842b55d806bb6a0d835da13.exe	26
PID 1612 wrote to memory of 1620	1612	18f4310247ec46b4d115da078c18c3881d98c057b842b55d806bb6a0d835da13.exe	26
PID 1612 wrote to memory of 1620	1612	18f4310247ec46b4d115da078c18c3881d98c057b842b55d806bb6a0d835da13.exe	26
PID 1612 wrote to memory of 1620	1612	18f4310247ec46b4d115da078c18c3881d98c057b842b55d806bb6a0d835da13.exe	26
PID 1612 wrote to memory of 1620	1612	18f4310247ec46b4d115da078c18c3881d98c057b842b55d806bb6a0d835da13.exe	26
PID 1612 wrote to memory of 1620	1612	18f4310247ec46b4d115da078c18c3881d98c057b842b55d806bb6a0d835da13.exe	26
PID 1612 wrote to memory of 1620	1612	18f4310247ec46b4d115da078c18c3881d98c057b842b55d806bb6a0d835da13.exe	26
PID 1612 wrote to memory of 1620	1612	18f4310247ec46b4d115da078c18c3881d98c057b842b55d806bb6a0d835da13.exe	26
PID 1612 wrote to memory of 1620	1612	18f4310247ec46b4d115da078c18c3881d98c057b842b55d806bb6a0d835da13.exe	26

C:\Users\Admin\AppData\Local\Temp\18f4310247ec46b4d115da078c18c3881d98c057b842b55d806bb6a0d835da13.exe
"C:\Users\Admin\AppData\Local\Temp\18f4310247ec46b4d115da078c18c3881d98c057b842b55d806bb6a0d835da13.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1612
- C:\Users\Admin\AppData\Local\Temp\18f4310247ec46b4d115da078c18c3881d98c057b842b55d806bb6a0d835da13.exe
  C:\Users\Admin\AppData\Local\Temp\18f4310247ec46b4d115da078c18c3881d98c057b842b55d806bb6a0d835da13.exe
  2⤵
  PID:1620

memory/1612-54-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/1612-68-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/1620-55-0x00000000005C0000-0x0000000000678000-memory.dmp

Filesize
736KB

Download
memory/1620-56-0x00000000005C0000-0x0000000000678000-memory.dmp

Filesize
736KB

Download
memory/1620-58-0x00000000005C0000-0x0000000000678000-memory.dmp

Filesize
736KB

Download
memory/1620-60-0x00000000005C0000-0x0000000000678000-memory.dmp

Filesize
736KB

Download
memory/1620-62-0x00000000005C0000-0x0000000000678000-memory.dmp

Filesize
736KB

Download
memory/1620-65-0x00000000005C0000-0x0000000000678000-memory.dmp

Filesize
736KB

Download
memory/1620-67-0x0000000000676BD6-mapping.dmp

Download