8e8ff2fd58e7dc411a9aa5956361b929e694f2b2bdf9ae4cf6643eaf49b276cf

Analysis

max time kernel
140s
max time network
180s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 09:08

Target

8e8ff2fd58e7dc411a9aa5956361b929e694f2b2bdf9ae4cf6643eaf49b276cf.exe
Size

133KB
MD5

ed27a5c87754101a848c41bb76cb92e2
SHA1

351a43157f57aa03f703fac7deb9612b4193f668
SHA256

8e8ff2fd58e7dc411a9aa5956361b929e694f2b2bdf9ae4cf6643eaf49b276cf
SHA512

9b42772a46dc5fbb8bddd94bf34fc532c8feb82157d501ef4fa25dee9a0066f069581bbc5904b41074a9b390a455ff5553b370c3e0bf63fab3c13d57e6ca580c
SSDEEP

3072:hV3po25PwRtH+B88g7qurI6kJifphYSoA0GbhbhitqiUDZ/M:D5IP+B88g7frvkIDY5A0Gbvitq/D2

Score

8^/10

upx

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4108-138-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/4108-137-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/4108-134-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/4108-140-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4108	8e8ff2fd58e7dc411a9aa5956361b929e694f2b2bdf9ae4cf6643eaf49b276cf.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2268 wrote to memory of 4108	2268	8e8ff2fd58e7dc411a9aa5956361b929e694f2b2bdf9ae4cf6643eaf49b276cf.exe	82
PID 2268 wrote to memory of 4108	2268	8e8ff2fd58e7dc411a9aa5956361b929e694f2b2bdf9ae4cf6643eaf49b276cf.exe	82
PID 2268 wrote to memory of 4108	2268	8e8ff2fd58e7dc411a9aa5956361b929e694f2b2bdf9ae4cf6643eaf49b276cf.exe	82

C:\Users\Admin\AppData\Local\Temp\8e8ff2fd58e7dc411a9aa5956361b929e694f2b2bdf9ae4cf6643eaf49b276cf.exe
"C:\Users\Admin\AppData\Local\Temp\8e8ff2fd58e7dc411a9aa5956361b929e694f2b2bdf9ae4cf6643eaf49b276cf.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2268
- C:\Users\Admin\AppData\Local\Temp\8e8ff2fd58e7dc411a9aa5956361b929e694f2b2bdf9ae4cf6643eaf49b276cf.exe
  ?
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  PID:4108

memory/2268-133-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4108-138-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/4108-137-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/4108-134-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/4108-139-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4108-140-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download