cae8e11e6fc2bdca2c1c09fe51bfc92197aac365235824a743028fb277748494

Analysis

max time kernel
38s
max time network
46s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 19:09

Target

cae8e11e6fc2bdca2c1c09fe51bfc92197aac365235824a743028fb277748494.exe
Size

280KB
MD5

f211322a9fe90b8690a3bd52fa12debc
SHA1

b4ee56670cf290fceb4a939932e26f2ff219743f
SHA256

cae8e11e6fc2bdca2c1c09fe51bfc92197aac365235824a743028fb277748494
SHA512

80903aaffbb8338021b890fbacefea891f5baf5bdb28361be2fe2bd492a73c89e2fb2dc07a34e293f3ac3a1f5d8bc99d7568d3db858f7e24031ed9b779b9f739
SSDEEP

3072:qgKKloQSrkKgRENEI5apGTwQqVMTW0hiJDeaG1QtMVmgPva4AOVWKKPYHwpuar:PM1Zmg3AOBKPYHwJr

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1760-59-0x0000000000400000-0x0000000000446000-memory.dmp	upx

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1760 set thread context of 1200	1760	cae8e11e6fc2bdca2c1c09fe51bfc92197aac365235824a743028fb277748494.exe	27

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1760	cae8e11e6fc2bdca2c1c09fe51bfc92197aac365235824a743028fb277748494.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1760 wrote to memory of 1200	1760	cae8e11e6fc2bdca2c1c09fe51bfc92197aac365235824a743028fb277748494.exe	27
PID 1760 wrote to memory of 1200	1760	cae8e11e6fc2bdca2c1c09fe51bfc92197aac365235824a743028fb277748494.exe	27
PID 1760 wrote to memory of 1200	1760	cae8e11e6fc2bdca2c1c09fe51bfc92197aac365235824a743028fb277748494.exe	27
PID 1760 wrote to memory of 1200	1760	cae8e11e6fc2bdca2c1c09fe51bfc92197aac365235824a743028fb277748494.exe	27
PID 1760 wrote to memory of 1200	1760	cae8e11e6fc2bdca2c1c09fe51bfc92197aac365235824a743028fb277748494.exe	27
PID 1760 wrote to memory of 1200	1760	cae8e11e6fc2bdca2c1c09fe51bfc92197aac365235824a743028fb277748494.exe	27
PID 1760 wrote to memory of 1200	1760	cae8e11e6fc2bdca2c1c09fe51bfc92197aac365235824a743028fb277748494.exe	27
PID 1760 wrote to memory of 1200	1760	cae8e11e6fc2bdca2c1c09fe51bfc92197aac365235824a743028fb277748494.exe	27

C:\Users\Admin\AppData\Local\Temp\cae8e11e6fc2bdca2c1c09fe51bfc92197aac365235824a743028fb277748494.exe
"C:\Users\Admin\AppData\Local\Temp\cae8e11e6fc2bdca2c1c09fe51bfc92197aac365235824a743028fb277748494.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1760
- C:\Users\Admin\AppData\Local\Temp\cae8e11e6fc2bdca2c1c09fe51bfc92197aac365235824a743028fb277748494.exe
  C:\Users\Admin\AppData\Local\Temp\cae8e11e6fc2bdca2c1c09fe51bfc92197aac365235824a743028fb277748494.exe
  2⤵
  PID:1200

memory/1200-56-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1200-60-0x0000000000400000-0x00000000004083A0-memory.dmp

Filesize
32KB

Download
memory/1200-61-0x0000000075931000-0x0000000075933000-memory.dmp

Filesize
8KB

Download
memory/1200-62-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download
memory/1760-59-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download