844b22f69279cae9456c17d5b0d3ca4917a11c3720b60ac0ae8e355e99974f0c

Analysis

max time kernel
80s
max time network
101s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 09:19

Target

844b22f69279cae9456c17d5b0d3ca4917a11c3720b60ac0ae8e355e99974f0c.exe
Size

140KB
MD5

5bb2ca51ee90539726c1a571a443fe5b
SHA1

dc7b16e59fa90bb2d696bcb6d72cf92da48c008e
SHA256

844b22f69279cae9456c17d5b0d3ca4917a11c3720b60ac0ae8e355e99974f0c
SHA512

52374e2454273d124ef1e0d6d920f7ae8fad4fee01b5cee0bbbac2837dc46ae642dbc5e00869f4c952feb1cfd4adda654425820688988556359450e5c6819f4b
SSDEEP

3072:VUvSvUN6BaA9wA7yWMxqlqcIXXhQj+WDRKcLBNlwwES/j:VUBaaFYynBXWj1wcJEq

Score

8^/10

upx

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1984-58-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/1984-62-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/1984-61-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/1984-64-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 1984	2028	844b22f69279cae9456c17d5b0d3ca4917a11c3720b60ac0ae8e355e99974f0c.exe	28
PID 2028 wrote to memory of 1984	2028	844b22f69279cae9456c17d5b0d3ca4917a11c3720b60ac0ae8e355e99974f0c.exe	28
PID 2028 wrote to memory of 1984	2028	844b22f69279cae9456c17d5b0d3ca4917a11c3720b60ac0ae8e355e99974f0c.exe	28
PID 2028 wrote to memory of 1984	2028	844b22f69279cae9456c17d5b0d3ca4917a11c3720b60ac0ae8e355e99974f0c.exe	28

C:\Users\Admin\AppData\Local\Temp\844b22f69279cae9456c17d5b0d3ca4917a11c3720b60ac0ae8e355e99974f0c.exe
"C:\Users\Admin\AppData\Local\Temp\844b22f69279cae9456c17d5b0d3ca4917a11c3720b60ac0ae8e355e99974f0c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Users\Admin\AppData\Local\Temp\844b22f69279cae9456c17d5b0d3ca4917a11c3720b60ac0ae8e355e99974f0c.exe
  ?
  2⤵
  PID:1984

memory/1984-58-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1984-62-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1984-61-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1984-63-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1984-64-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/2028-54-0x0000000076651000-0x0000000076653000-memory.dmp

Filesize
8KB

Download
memory/2028-56-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download