d543b4ff0f58e6644258757835a439d878447bf8259e767c1f697658d684c5ad

Analysis

max time kernel
173s
max time network
193s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 07:51

Target

d543b4ff0f58e6644258757835a439d878447bf8259e767c1f697658d684c5ad.exe
Size

130KB
MD5

6b01f3879329ea6d9c40a6c1b5ec103a
SHA1

c77ffba531f4f8b9cabbaa7f211ac7efb5df8ec2
SHA256

d543b4ff0f58e6644258757835a439d878447bf8259e767c1f697658d684c5ad
SHA512

247726c7d1a1d7ffa3c47f1f47edcf7c1b25ded006861a380b5f268f59b5c6d3f4a99390d1d734de2bc5e49e1452ae992a2e61535486a0afb048897303b09e6a
SSDEEP

3072:ZTG1Qg9j8XDIChECbOqjsXb8eoodUDS/3:ZTG1H5mIEEC/oKDS

Score

8^/10

upx

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1516-133-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/1516-136-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/1516-137-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/1516-140-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2288 wrote to memory of 1516	2288	d543b4ff0f58e6644258757835a439d878447bf8259e767c1f697658d684c5ad.exe	84
PID 2288 wrote to memory of 1516	2288	d543b4ff0f58e6644258757835a439d878447bf8259e767c1f697658d684c5ad.exe	84
PID 2288 wrote to memory of 1516	2288	d543b4ff0f58e6644258757835a439d878447bf8259e767c1f697658d684c5ad.exe	84

C:\Users\Admin\AppData\Local\Temp\d543b4ff0f58e6644258757835a439d878447bf8259e767c1f697658d684c5ad.exe
"C:\Users\Admin\AppData\Local\Temp\d543b4ff0f58e6644258757835a439d878447bf8259e767c1f697658d684c5ad.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2288
- C:\Users\Admin\AppData\Local\Temp\d543b4ff0f58e6644258757835a439d878447bf8259e767c1f697658d684c5ad.exe
  ?
  2⤵
  PID:1516

memory/1516-133-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1516-136-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1516-137-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1516-139-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/1516-140-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/2288-138-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download