8766aac5741f7c5a70d1159b39ebbe463b3107ebd58e8290b17fe0d85af1ae18

Analysis

max time kernel
55s
max time network
52s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 09:15

Target

8766aac5741f7c5a70d1159b39ebbe463b3107ebd58e8290b17fe0d85af1ae18.exe
Size

137KB
MD5

62b6c29885a00a1cd5b0698c8e164c71
SHA1

6c4e743362e421550446a2eab79dc528ef56e6b1
SHA256

8766aac5741f7c5a70d1159b39ebbe463b3107ebd58e8290b17fe0d85af1ae18
SHA512

3ea5c19dd3ec788a38e3351a4a330ffddccc04cff3d80422ae01856f0ca9a6cd5c298f554d269e2bfb7a7e2d8634e393bb43f318c582cd344429590912858a83
SSDEEP

3072:hVCuNk2xF5aDqblvdIw2F9LmJirrCzvPwTUDE/e:hVCB2PMDqbFdQFFmvznFDd

Score

8^/10

upx

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/892-57-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/892-60-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/892-61-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/892-63-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/892-64-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
892	8766aac5741f7c5a70d1159b39ebbe463b3107ebd58e8290b17fe0d85af1ae18.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1168 wrote to memory of 892	1168	8766aac5741f7c5a70d1159b39ebbe463b3107ebd58e8290b17fe0d85af1ae18.exe	28
PID 1168 wrote to memory of 892	1168	8766aac5741f7c5a70d1159b39ebbe463b3107ebd58e8290b17fe0d85af1ae18.exe	28
PID 1168 wrote to memory of 892	1168	8766aac5741f7c5a70d1159b39ebbe463b3107ebd58e8290b17fe0d85af1ae18.exe	28
PID 1168 wrote to memory of 892	1168	8766aac5741f7c5a70d1159b39ebbe463b3107ebd58e8290b17fe0d85af1ae18.exe	28

C:\Users\Admin\AppData\Local\Temp\8766aac5741f7c5a70d1159b39ebbe463b3107ebd58e8290b17fe0d85af1ae18.exe
"C:\Users\Admin\AppData\Local\Temp\8766aac5741f7c5a70d1159b39ebbe463b3107ebd58e8290b17fe0d85af1ae18.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1168
- C:\Users\Admin\AppData\Local\Temp\8766aac5741f7c5a70d1159b39ebbe463b3107ebd58e8290b17fe0d85af1ae18.exe
  ?
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  PID:892

memory/892-57-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/892-56-0x0000000075FE1000-0x0000000075FE3000-memory.dmp

Filesize
8KB

Download
memory/892-60-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/892-61-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/892-62-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/892-63-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/892-64-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1168-55-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download