ebe43feeb0f8af1cd3ccd70355d92cb6f9e4d30aa4fef1c2e3929dfc9bc7b67d

Analysis

max time kernel
22s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 02:27

Target

ebe43feeb0f8af1cd3ccd70355d92cb6f9e4d30aa4fef1c2e3929dfc9bc7b67d.exe
Size

144KB
MD5

6fb7a3734772822c05a7e80f10d123a9
SHA1

827ddfd9262d0f55578eb10c3764e1b9ac5adb86
SHA256

ebe43feeb0f8af1cd3ccd70355d92cb6f9e4d30aa4fef1c2e3929dfc9bc7b67d
SHA512

4768b8f6dbd107bcfa92e08d71acd44aff813eaef4c176bf98e72f60b3901fc0f1ac8dad617aa07e3416d6cceda932cd10bb18d6da49faf7ce4f8aa13e09e410
SSDEEP

3072:um3gOSJDshgUtgCIYR9lDoS+ydl14BtZLItYHqf9w5TGCsdu9Fo:D3g5CgCJ9lsyqHiaqf9wdmdu9Fo

Score

8^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1640-59-0x0000000000400000-0x0000000000426000-memory.dmp	upx
behavioral1/memory/524-63-0x0000000000400000-0x0000000000426000-memory.dmp	upx

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1640 set thread context of 524	1640	ebe43feeb0f8af1cd3ccd70355d92cb6f9e4d30aa4fef1c2e3929dfc9bc7b67d.exe	27

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1640	ebe43feeb0f8af1cd3ccd70355d92cb6f9e4d30aa4fef1c2e3929dfc9bc7b67d.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1640 wrote to memory of 524	1640	ebe43feeb0f8af1cd3ccd70355d92cb6f9e4d30aa4fef1c2e3929dfc9bc7b67d.exe	27
PID 1640 wrote to memory of 524	1640	ebe43feeb0f8af1cd3ccd70355d92cb6f9e4d30aa4fef1c2e3929dfc9bc7b67d.exe	27
PID 1640 wrote to memory of 524	1640	ebe43feeb0f8af1cd3ccd70355d92cb6f9e4d30aa4fef1c2e3929dfc9bc7b67d.exe	27
PID 1640 wrote to memory of 524	1640	ebe43feeb0f8af1cd3ccd70355d92cb6f9e4d30aa4fef1c2e3929dfc9bc7b67d.exe	27
PID 1640 wrote to memory of 524	1640	ebe43feeb0f8af1cd3ccd70355d92cb6f9e4d30aa4fef1c2e3929dfc9bc7b67d.exe	27
PID 1640 wrote to memory of 524	1640	ebe43feeb0f8af1cd3ccd70355d92cb6f9e4d30aa4fef1c2e3929dfc9bc7b67d.exe	27
PID 1640 wrote to memory of 524	1640	ebe43feeb0f8af1cd3ccd70355d92cb6f9e4d30aa4fef1c2e3929dfc9bc7b67d.exe	27
PID 1640 wrote to memory of 524	1640	ebe43feeb0f8af1cd3ccd70355d92cb6f9e4d30aa4fef1c2e3929dfc9bc7b67d.exe	27
PID 1640 wrote to memory of 524	1640	ebe43feeb0f8af1cd3ccd70355d92cb6f9e4d30aa4fef1c2e3929dfc9bc7b67d.exe	27

C:\Users\Admin\AppData\Local\Temp\ebe43feeb0f8af1cd3ccd70355d92cb6f9e4d30aa4fef1c2e3929dfc9bc7b67d.exe
"C:\Users\Admin\AppData\Local\Temp\ebe43feeb0f8af1cd3ccd70355d92cb6f9e4d30aa4fef1c2e3929dfc9bc7b67d.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1640
- C:\Users\Admin\AppData\Local\Temp\ebe43feeb0f8af1cd3ccd70355d92cb6f9e4d30aa4fef1c2e3929dfc9bc7b67d.exe
  C:\Users\Admin\AppData\Local\Temp\ebe43feeb0f8af1cd3ccd70355d92cb6f9e4d30aa4fef1c2e3929dfc9bc7b67d.exe
  2⤵
  PID:524

memory/524-56-0x0000000001000000-0x0000000001014000-memory.dmp

Filesize
80KB

Download
memory/524-60-0x0000000075351000-0x0000000075353000-memory.dmp

Filesize
8KB

Download
memory/524-61-0x0000000001000000-0x0000000001014000-memory.dmp

Filesize
80KB

Download
memory/524-62-0x0000000001000000-0x0000000001014000-memory.dmp

Filesize
80KB

Download
memory/524-63-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/1640-59-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download