fe06f44056dc545689f60183f348e0f4ad3fe9d6b88baf493d18a03f2f94208e

Analysis

max time kernel
46s
max time network
51s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 06:59

Target

fe06f44056dc545689f60183f348e0f4ad3fe9d6b88baf493d18a03f2f94208e.exe
Size

133KB
MD5

a10b298c14400ea4d04e36e1d9d3ee9e
SHA1

aa2996720b36872d9092e066454f3ff8c4a1d19b
SHA256

fe06f44056dc545689f60183f348e0f4ad3fe9d6b88baf493d18a03f2f94208e
SHA512

1dda3e4a6417ba0ad064b3ae9c309736c630a6d062779e6d83f8661e22e15b26889f5b7e1d6a4a8b5ac87f2a268afce60799c5c812a67609a1b711876ede4736
SSDEEP

3072:mV3poWvMht1Rjqg+CQn/leIifphYSoA0GbhbhieMqiUD+/Q:cvu1Vqgkde3DY5A0GbvieMq/Dd

Score

8^/10

upx

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1932-57-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/1932-60-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/1932-61-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/1932-63-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1932	fe06f44056dc545689f60183f348e0f4ad3fe9d6b88baf493d18a03f2f94208e.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1500 wrote to memory of 1932	1500	fe06f44056dc545689f60183f348e0f4ad3fe9d6b88baf493d18a03f2f94208e.exe	27
PID 1500 wrote to memory of 1932	1500	fe06f44056dc545689f60183f348e0f4ad3fe9d6b88baf493d18a03f2f94208e.exe	27
PID 1500 wrote to memory of 1932	1500	fe06f44056dc545689f60183f348e0f4ad3fe9d6b88baf493d18a03f2f94208e.exe	27
PID 1500 wrote to memory of 1932	1500	fe06f44056dc545689f60183f348e0f4ad3fe9d6b88baf493d18a03f2f94208e.exe	27

C:\Users\Admin\AppData\Local\Temp\fe06f44056dc545689f60183f348e0f4ad3fe9d6b88baf493d18a03f2f94208e.exe
"C:\Users\Admin\AppData\Local\Temp\fe06f44056dc545689f60183f348e0f4ad3fe9d6b88baf493d18a03f2f94208e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1500
- C:\Users\Admin\AppData\Local\Temp\fe06f44056dc545689f60183f348e0f4ad3fe9d6b88baf493d18a03f2f94208e.exe
  ?
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  PID:1932

memory/1500-55-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1932-56-0x0000000075D71000-0x0000000075D73000-memory.dmp

Filesize
8KB

Download
memory/1932-57-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1932-60-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1932-61-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1932-62-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1932-63-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download