e51c49dc72f2e6b7a58f5b9c168401ea8a316e8a4abe2d6081500d255fa242ad

Analysis

max time kernel
25s
max time network
64s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 07:32

Target

e51c49dc72f2e6b7a58f5b9c168401ea8a316e8a4abe2d6081500d255fa242ad.exe
Size

71KB
MD5

b466df7d6d8889cff718c235ee01fe35
SHA1

9d1f8e6346b610f4b4350c57358322180320f9a3
SHA256

e51c49dc72f2e6b7a58f5b9c168401ea8a316e8a4abe2d6081500d255fa242ad
SHA512

a14d7654f6859d710c470e16b991b7affc87f8fa91118a45cce6b6a86a1de71a7a359045a39c08ba8fde1eda53c3c169ba6375222140daa33ff5df38aa81e29f
SSDEEP

1536:kuLUGZDEhjHy9iVCi3MdVRtL3yVd8iGm+HrRkApyVNsTDs/YM:nLNDEhjHXmdxnpyYTY/r

Score

8^/10

upx

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1456-58-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/1456-61-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/1456-62-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/1456-64-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/1456-65-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1456	e51c49dc72f2e6b7a58f5b9c168401ea8a316e8a4abe2d6081500d255fa242ad.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 848 wrote to memory of 1456	848	e51c49dc72f2e6b7a58f5b9c168401ea8a316e8a4abe2d6081500d255fa242ad.exe	28
PID 848 wrote to memory of 1456	848	e51c49dc72f2e6b7a58f5b9c168401ea8a316e8a4abe2d6081500d255fa242ad.exe	28
PID 848 wrote to memory of 1456	848	e51c49dc72f2e6b7a58f5b9c168401ea8a316e8a4abe2d6081500d255fa242ad.exe	28
PID 848 wrote to memory of 1456	848	e51c49dc72f2e6b7a58f5b9c168401ea8a316e8a4abe2d6081500d255fa242ad.exe	28

C:\Users\Admin\AppData\Local\Temp\e51c49dc72f2e6b7a58f5b9c168401ea8a316e8a4abe2d6081500d255fa242ad.exe
"C:\Users\Admin\AppData\Local\Temp\e51c49dc72f2e6b7a58f5b9c168401ea8a316e8a4abe2d6081500d255fa242ad.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:848
- C:\Users\Admin\AppData\Local\Temp\e51c49dc72f2e6b7a58f5b9c168401ea8a316e8a4abe2d6081500d255fa242ad.exe
  ?
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  PID:1456

memory/848-56-0x0000000001000000-0x000000000100B000-memory.dmp

Filesize
44KB

Download
memory/848-55-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/1456-57-0x00000000766F1000-0x00000000766F3000-memory.dmp

Filesize
8KB

Download
memory/1456-58-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1456-61-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1456-62-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1456-64-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1456-63-0x0000000001000000-0x000000000100B000-memory.dmp

Filesize
44KB

Download
memory/1456-65-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download