d203dc04fb0c5739ee09463e88f25d737f4b5eebb127c8ad73239d166346174e

Analysis

max time kernel
39s
max time network
32s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 07:54

Target

d203dc04fb0c5739ee09463e88f25d737f4b5eebb127c8ad73239d166346174e.exe
Size

132KB
MD5

0f6cc9874b3da71e97d01634f4b23f4d
SHA1

ae539324e4d80dd9cb6801c56263d8dc9e7469c4
SHA256

d203dc04fb0c5739ee09463e88f25d737f4b5eebb127c8ad73239d166346174e
SHA512

14fbd0a0a74cc63400147f31ae2fdac9e850cc77361c1bad8e98c8f340160e63c658593b0fefb122124306bad5fe054cdf457969f4de6bc06456ecc7db62a07b
SSDEEP

3072:D9BZYZGvCYQtyS01lLWI+W5/LA2N5lOMUrzPUDE/t:5BZ5Z1hZJ8rMUEDm

Score

8^/10

upx

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2028-57-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/2028-60-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/2028-61-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/2028-63-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2028	d203dc04fb0c5739ee09463e88f25d737f4b5eebb127c8ad73239d166346174e.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 2028	2024	d203dc04fb0c5739ee09463e88f25d737f4b5eebb127c8ad73239d166346174e.exe	28
PID 2024 wrote to memory of 2028	2024	d203dc04fb0c5739ee09463e88f25d737f4b5eebb127c8ad73239d166346174e.exe	28
PID 2024 wrote to memory of 2028	2024	d203dc04fb0c5739ee09463e88f25d737f4b5eebb127c8ad73239d166346174e.exe	28
PID 2024 wrote to memory of 2028	2024	d203dc04fb0c5739ee09463e88f25d737f4b5eebb127c8ad73239d166346174e.exe	28

C:\Users\Admin\AppData\Local\Temp\d203dc04fb0c5739ee09463e88f25d737f4b5eebb127c8ad73239d166346174e.exe
"C:\Users\Admin\AppData\Local\Temp\d203dc04fb0c5739ee09463e88f25d737f4b5eebb127c8ad73239d166346174e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Users\Admin\AppData\Local\Temp\d203dc04fb0c5739ee09463e88f25d737f4b5eebb127c8ad73239d166346174e.exe
  ?
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  PID:2028

memory/2024-55-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2028-56-0x00000000760B1000-0x00000000760B3000-memory.dmp

Filesize
8KB

Download
memory/2028-57-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/2028-60-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/2028-61-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/2028-62-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2028-63-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download