c7e25b6a8b4f9deb27662c4b11b8063eb26862e3b429085747a22e71a5d631b8

Analysis

max time kernel
69s
max time network
198s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 08:07

Target

c7e25b6a8b4f9deb27662c4b11b8063eb26862e3b429085747a22e71a5d631b8.exe
Size

67KB
MD5

d226b0b33d3c4103a2e04e17500fb84e
SHA1

42e0a837b751634560a86c67b32380d7c2289249
SHA256

c7e25b6a8b4f9deb27662c4b11b8063eb26862e3b429085747a22e71a5d631b8
SHA512

0cb180b712b9fddedb418e99ef17b33bc46fd2364bcf997a622c0536a771a9b57dcfc0bbe110e922acb33dbacbb76d8bd8f6b3a882fab15ccbec31728715e551
SSDEEP

1536:bBvVTskgJYHdHIOsFe+WfQUoLNHVi4G1wUs/x:bWA+jeu1/Ue/x

Score

8^/10

upx

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1068-58-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/1068-61-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/1068-62-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/1068-64-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/1068-65-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1068	c7e25b6a8b4f9deb27662c4b11b8063eb26862e3b429085747a22e71a5d631b8.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 784 wrote to memory of 1068	784	c7e25b6a8b4f9deb27662c4b11b8063eb26862e3b429085747a22e71a5d631b8.exe	28
PID 784 wrote to memory of 1068	784	c7e25b6a8b4f9deb27662c4b11b8063eb26862e3b429085747a22e71a5d631b8.exe	28
PID 784 wrote to memory of 1068	784	c7e25b6a8b4f9deb27662c4b11b8063eb26862e3b429085747a22e71a5d631b8.exe	28
PID 784 wrote to memory of 1068	784	c7e25b6a8b4f9deb27662c4b11b8063eb26862e3b429085747a22e71a5d631b8.exe	28

C:\Users\Admin\AppData\Local\Temp\c7e25b6a8b4f9deb27662c4b11b8063eb26862e3b429085747a22e71a5d631b8.exe
"C:\Users\Admin\AppData\Local\Temp\c7e25b6a8b4f9deb27662c4b11b8063eb26862e3b429085747a22e71a5d631b8.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:784
- C:\Users\Admin\AppData\Local\Temp\c7e25b6a8b4f9deb27662c4b11b8063eb26862e3b429085747a22e71a5d631b8.exe
  ?
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  PID:1068

memory/784-55-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/784-56-0x0000000001000000-0x000000000100B000-memory.dmp

Filesize
44KB

Download
memory/1068-57-0x0000000076941000-0x0000000076943000-memory.dmp

Filesize
8KB

Download
memory/1068-58-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1068-61-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1068-62-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1068-63-0x0000000001000000-0x000000000100B000-memory.dmp

Filesize
44KB

Download
memory/1068-64-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1068-65-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download