f55b9d9a940c281f9e18529ea483048d1eb2a3f9fb58f54032d65cca93658fbf

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 07:11

Target

f55b9d9a940c281f9e18529ea483048d1eb2a3f9fb58f54032d65cca93658fbf.exe
Size

134KB
MD5

80e636852e98b5c7b8e0325f4fff964b
SHA1

dd96f28ab893a2a017e5798932c9d1ebffd21ab0
SHA256

f55b9d9a940c281f9e18529ea483048d1eb2a3f9fb58f54032d65cca93658fbf
SHA512

d7763f8a0777797c58adb4ad2e830ab55b949449b6d94e2f0a43deb19a82805b0037f82cb38cd77c4853d5f7bf606d4010d44d1e90eacd9d512a6c06a1036d83
SSDEEP

3072:D+y3igDl4+doinpJaR90ymkNPmkVMCZh+UDq/WD:D+G/DY+i9/mkNP6w9D5

Score

8^/10

upx

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1280-58-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/1280-61-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/1280-62-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/1280-64-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1280	f55b9d9a940c281f9e18529ea483048d1eb2a3f9fb58f54032d65cca93658fbf.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2008 wrote to memory of 1280	2008	f55b9d9a940c281f9e18529ea483048d1eb2a3f9fb58f54032d65cca93658fbf.exe	27
PID 2008 wrote to memory of 1280	2008	f55b9d9a940c281f9e18529ea483048d1eb2a3f9fb58f54032d65cca93658fbf.exe	27
PID 2008 wrote to memory of 1280	2008	f55b9d9a940c281f9e18529ea483048d1eb2a3f9fb58f54032d65cca93658fbf.exe	27
PID 2008 wrote to memory of 1280	2008	f55b9d9a940c281f9e18529ea483048d1eb2a3f9fb58f54032d65cca93658fbf.exe	27

C:\Users\Admin\AppData\Local\Temp\f55b9d9a940c281f9e18529ea483048d1eb2a3f9fb58f54032d65cca93658fbf.exe
"C:\Users\Admin\AppData\Local\Temp\f55b9d9a940c281f9e18529ea483048d1eb2a3f9fb58f54032d65cca93658fbf.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2008
- C:\Users\Admin\AppData\Local\Temp\f55b9d9a940c281f9e18529ea483048d1eb2a3f9fb58f54032d65cca93658fbf.exe
  ?
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  PID:1280

memory/1280-58-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1280-61-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1280-62-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1280-63-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/1280-64-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/2008-54-0x0000000076121000-0x0000000076123000-memory.dmp

Filesize
8KB

Download
memory/2008-56-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download