4e5ce9d9bc1140e8622ee4bac9727009b1b54103265ed54edd9575508e0cc815

Analysis

max time kernel
58s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 21:55

Target

4e5ce9d9bc1140e8622ee4bac9727009b1b54103265ed54edd9575508e0cc815.exe
Size

508KB
MD5

40723c3bffec53babf2549780d4adea6
SHA1

ec26980234d4c2f441198277809ecb00fbba3162
SHA256

4e5ce9d9bc1140e8622ee4bac9727009b1b54103265ed54edd9575508e0cc815
SHA512

51be93a468a074c5aff6be2fbcf7ec0e6468d64b20a7940109a775016ed95af911e2862c9054ae945051a4813cc767915c73f35821495f962235f32b9f7cbe64
SSDEEP

12288:STROu0nF/J1OF08ZJdePnULrAQLEm0b3q4orcomRMlGFCRC8:ST8u0nFS9RAQAhaDrct+luCRC

Score

8^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2040-55-0x0000000000400000-0x0000000000599000-memory.dmp	upx
behavioral1/memory/2040-70-0x0000000000400000-0x0000000000599000-memory.dmp	upx

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2040 set thread context of 1984	2040	4e5ce9d9bc1140e8622ee4bac9727009b1b54103265ed54edd9575508e0cc815.exe	28

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1984	4e5ce9d9bc1140e8622ee4bac9727009b1b54103265ed54edd9575508e0cc815.exe
1984	4e5ce9d9bc1140e8622ee4bac9727009b1b54103265ed54edd9575508e0cc815.exe
1984	4e5ce9d9bc1140e8622ee4bac9727009b1b54103265ed54edd9575508e0cc815.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2040 wrote to memory of 1984	2040	4e5ce9d9bc1140e8622ee4bac9727009b1b54103265ed54edd9575508e0cc815.exe	28
PID 2040 wrote to memory of 1984	2040	4e5ce9d9bc1140e8622ee4bac9727009b1b54103265ed54edd9575508e0cc815.exe	28
PID 2040 wrote to memory of 1984	2040	4e5ce9d9bc1140e8622ee4bac9727009b1b54103265ed54edd9575508e0cc815.exe	28
PID 2040 wrote to memory of 1984	2040	4e5ce9d9bc1140e8622ee4bac9727009b1b54103265ed54edd9575508e0cc815.exe	28
PID 2040 wrote to memory of 1984	2040	4e5ce9d9bc1140e8622ee4bac9727009b1b54103265ed54edd9575508e0cc815.exe	28
PID 2040 wrote to memory of 1984	2040	4e5ce9d9bc1140e8622ee4bac9727009b1b54103265ed54edd9575508e0cc815.exe	28
PID 2040 wrote to memory of 1984	2040	4e5ce9d9bc1140e8622ee4bac9727009b1b54103265ed54edd9575508e0cc815.exe	28
PID 2040 wrote to memory of 1984	2040	4e5ce9d9bc1140e8622ee4bac9727009b1b54103265ed54edd9575508e0cc815.exe	28
PID 2040 wrote to memory of 1984	2040	4e5ce9d9bc1140e8622ee4bac9727009b1b54103265ed54edd9575508e0cc815.exe	28
PID 2040 wrote to memory of 1984	2040	4e5ce9d9bc1140e8622ee4bac9727009b1b54103265ed54edd9575508e0cc815.exe	28
PID 2040 wrote to memory of 1984	2040	4e5ce9d9bc1140e8622ee4bac9727009b1b54103265ed54edd9575508e0cc815.exe	28

C:\Users\Admin\AppData\Local\Temp\4e5ce9d9bc1140e8622ee4bac9727009b1b54103265ed54edd9575508e0cc815.exe
"C:\Users\Admin\AppData\Local\Temp\4e5ce9d9bc1140e8622ee4bac9727009b1b54103265ed54edd9575508e0cc815.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Users\Admin\AppData\Local\Temp\4e5ce9d9bc1140e8622ee4bac9727009b1b54103265ed54edd9575508e0cc815.exe
  "C:\Users\Admin\AppData\Local\Temp\4e5ce9d9bc1140e8622ee4bac9727009b1b54103265ed54edd9575508e0cc815.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1984

memory/1984-65-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1984-60-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1984-57-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1984-62-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1984-64-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1984-67-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1984-69-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1984-72-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1984-73-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2040-55-0x0000000000400000-0x0000000000599000-memory.dmp

Filesize
1.6MB

Download
memory/2040-54-0x00000000767B1000-0x00000000767B3000-memory.dmp

Filesize
8KB

Download
memory/2040-70-0x0000000000400000-0x0000000000599000-memory.dmp

Filesize
1.6MB

Download