cef9f3f26071f8c861b93c8d4e488c6b5cdeef8acbb60c7364c9c853775ff60a

Analysis

max time kernel
148s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
06-12-2022 02:19

Target

cef9f3f26071f8c861b93c8d4e488c6b5cdeef8acbb60c7364c9c853775ff60a.exe
Size

354KB
MD5

6f4955d8939cec2befa35675262480c8
SHA1

9d994629bc52bb779ebf4bc6f7f83459cd436512
SHA256

cef9f3f26071f8c861b93c8d4e488c6b5cdeef8acbb60c7364c9c853775ff60a
SHA512

e996fb0c2611c77c1b3561ef0b6940e6abf1da84ff2de5989e0261436e3f9b705923ff620b15e928f6ad054100621894ef98bb1590a37ca1340410b9d5448a0e
SSDEEP

6144:Etx++PRSzLLgetYCNMr8N61MCOp8m4wX7RgWuZd68B2tPjwVGwVna8tAeGIDo:gjkcetY5YGMCVHmgBZd/B2tbuXtA8Do

Score

8^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1304-55-0x0000000000400000-0x00000000004C9000-memory.dmp	upx
behavioral1/memory/1408-61-0x0000000000400000-0x00000000004C9000-memory.dmp	upx

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\PROGRA~3\SydxN3nsFt7Jkw	SydxN3nsFt7Jkw.exe

Suspicious behavior: EnumeratesProcesses 45 IoCs

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1304	cef9f3f26071f8c861b93c8d4e488c6b5cdeef8acbb60c7364c9c853775ff60a.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1304	cef9f3f26071f8c861b93c8d4e488c6b5cdeef8acbb60c7364c9c853775ff60a.exe
1408	SydxN3nsFt7Jkw.exe
1408	SydxN3nsFt7Jkw.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1304 wrote to memory of 1408	1304	cef9f3f26071f8c861b93c8d4e488c6b5cdeef8acbb60c7364c9c853775ff60a.exe	27
PID 1304 wrote to memory of 1408	1304	cef9f3f26071f8c861b93c8d4e488c6b5cdeef8acbb60c7364c9c853775ff60a.exe	27
PID 1304 wrote to memory of 1408	1304	cef9f3f26071f8c861b93c8d4e488c6b5cdeef8acbb60c7364c9c853775ff60a.exe	27
PID 1304 wrote to memory of 1408	1304	cef9f3f26071f8c861b93c8d4e488c6b5cdeef8acbb60c7364c9c853775ff60a.exe	27

memory/1304-54-0x00000000762E1000-0x00000000762E3000-memory.dmp

Filesize
8KB

Download
memory/1304-55-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/1304-56-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/1304-58-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/1408-57-0x0000000000000000-mapping.dmp

Download
memory/1408-59-0x0000000000270000-0x00000000002C0000-memory.dmp

Filesize
320KB

Download
memory/1408-61-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/1408-62-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download
memory/1408-63-0x0000000000270000-0x00000000002C0000-memory.dmp

Filesize
320KB

Download
memory/1408-64-0x0000000000400000-0x00000000004C9000-memory.dmp

Filesize
804KB

Download