84fa4074b7e4086ea8752e44c873d662d73964823e97c2dfd16813b301cbdfa6

Analysis

max time kernel
162s
max time network
170s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 09:18

Target

84fa4074b7e4086ea8752e44c873d662d73964823e97c2dfd16813b301cbdfa6.exe
Size

141KB
MD5

38e75222b8a86480deb4df92c4550703
SHA1

97f5be3465313be029986f6c9f66e32ae8e2ad72
SHA256

84fa4074b7e4086ea8752e44c873d662d73964823e97c2dfd16813b301cbdfa6
SHA512

1436e4814972f24f0eaa579d8cbe64e8571167a2036acafc6198e9254844ca2b1a6cf1d7761742d6a51157277ab5b6e8709b748887ca5d6fc48510f258e49c62
SSDEEP

3072:6QpX3x1cqKZKWmvtWyfz7FvvL4rn50wEI/J:n8qKYWmFWyV25/E2

Score

8^/10

upx

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1968-134-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/1968-137-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/1968-138-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/1968-140-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2856 wrote to memory of 1968	2856	84fa4074b7e4086ea8752e44c873d662d73964823e97c2dfd16813b301cbdfa6.exe	80
PID 2856 wrote to memory of 1968	2856	84fa4074b7e4086ea8752e44c873d662d73964823e97c2dfd16813b301cbdfa6.exe	80
PID 2856 wrote to memory of 1968	2856	84fa4074b7e4086ea8752e44c873d662d73964823e97c2dfd16813b301cbdfa6.exe	80

C:\Users\Admin\AppData\Local\Temp\84fa4074b7e4086ea8752e44c873d662d73964823e97c2dfd16813b301cbdfa6.exe
"C:\Users\Admin\AppData\Local\Temp\84fa4074b7e4086ea8752e44c873d662d73964823e97c2dfd16813b301cbdfa6.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2856
- C:\Users\Admin\AppData\Local\Temp\84fa4074b7e4086ea8752e44c873d662d73964823e97c2dfd16813b301cbdfa6.exe
  ?
  2⤵
  PID:1968

memory/1968-134-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1968-137-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1968-138-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1968-139-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1968-140-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/2856-133-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download