855b59c641c04138b4ab706e9167882928d226b13672fa7240ea717f65b220a0

Analysis

max time kernel
37s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 09:17

Target

855b59c641c04138b4ab706e9167882928d226b13672fa7240ea717f65b220a0.exe
Size

132KB
MD5

232a2733eb9cbd8da096e53a0e9812a2
SHA1

cc2db97c2330470f4a5d5ac6149cfac653e5c84d
SHA256

855b59c641c04138b4ab706e9167882928d226b13672fa7240ea717f65b220a0
SHA512

ef95247bdd7f49eeae7b5a10efa29f9208cc920469cde4c530434ff5664345f7c8184118ca864d74c865756ae59443a0b14d6c0764edc2b6deea811e3777f1de
SSDEEP

3072:rPBsKTIfByNhgLcJHyz2I+W5/LA2N5lOMUqzPXWL/M:7BLTWehgLMHydJ8rMUk

Score

8^/10

upx

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1400-57-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/1400-60-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/1400-61-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/1400-63-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1400	855b59c641c04138b4ab706e9167882928d226b13672fa7240ea717f65b220a0.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1192 wrote to memory of 1400	1192	855b59c641c04138b4ab706e9167882928d226b13672fa7240ea717f65b220a0.exe	27
PID 1192 wrote to memory of 1400	1192	855b59c641c04138b4ab706e9167882928d226b13672fa7240ea717f65b220a0.exe	27
PID 1192 wrote to memory of 1400	1192	855b59c641c04138b4ab706e9167882928d226b13672fa7240ea717f65b220a0.exe	27
PID 1192 wrote to memory of 1400	1192	855b59c641c04138b4ab706e9167882928d226b13672fa7240ea717f65b220a0.exe	27

C:\Users\Admin\AppData\Local\Temp\855b59c641c04138b4ab706e9167882928d226b13672fa7240ea717f65b220a0.exe
"C:\Users\Admin\AppData\Local\Temp\855b59c641c04138b4ab706e9167882928d226b13672fa7240ea717f65b220a0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1192
- C:\Users\Admin\AppData\Local\Temp\855b59c641c04138b4ab706e9167882928d226b13672fa7240ea717f65b220a0.exe
  ?
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  PID:1400

memory/1192-55-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1400-56-0x0000000076701000-0x0000000076703000-memory.dmp

Filesize
8KB

Download
memory/1400-57-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1400-60-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1400-61-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1400-62-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1400-63-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download