b2929570025927ce54b097f2cbcbccd7d26a896f795f3f2cff64117ec28b3890

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06-12-2022 08:31

Target

b2929570025927ce54b097f2cbcbccd7d26a896f795f3f2cff64117ec28b3890.exe
Size

133KB
MD5

a388d9f6867a6349e4a27781e1ddc28b
SHA1

e18701996b27586764bd98692184bfe0d887337a
SHA256

b2929570025927ce54b097f2cbcbccd7d26a896f795f3f2cff64117ec28b3890
SHA512

31883597be2d8878fe6fab3b52e572d1ad582ae85ede65ea4772969724d12d055c7e233568836d36c705e93b2aca4ba4a2be4cfb641c01e98cc39ef19c99bc16
SSDEEP

3072:BV3po45IrR7FyVQk3MoifphYSoA0GbhbhiZqiXWZ/m:tGl0ak3ODY5A0GbviZqE

Score

8^/10

upx

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1416-57-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/1416-61-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/1416-60-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/1416-63-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1416	b2929570025927ce54b097f2cbcbccd7d26a896f795f3f2cff64117ec28b3890.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 900 wrote to memory of 1416	900	b2929570025927ce54b097f2cbcbccd7d26a896f795f3f2cff64117ec28b3890.exe	27
PID 900 wrote to memory of 1416	900	b2929570025927ce54b097f2cbcbccd7d26a896f795f3f2cff64117ec28b3890.exe	27
PID 900 wrote to memory of 1416	900	b2929570025927ce54b097f2cbcbccd7d26a896f795f3f2cff64117ec28b3890.exe	27
PID 900 wrote to memory of 1416	900	b2929570025927ce54b097f2cbcbccd7d26a896f795f3f2cff64117ec28b3890.exe	27

C:\Users\Admin\AppData\Local\Temp\b2929570025927ce54b097f2cbcbccd7d26a896f795f3f2cff64117ec28b3890.exe
"C:\Users\Admin\AppData\Local\Temp\b2929570025927ce54b097f2cbcbccd7d26a896f795f3f2cff64117ec28b3890.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:900
- C:\Users\Admin\AppData\Local\Temp\b2929570025927ce54b097f2cbcbccd7d26a896f795f3f2cff64117ec28b3890.exe
  ?
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  PID:1416

memory/900-55-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1416-54-0x0000000000000000-mapping.dmp

Download
memory/1416-56-0x00000000762D1000-0x00000000762D3000-memory.dmp

Filesize
8KB

Download
memory/1416-57-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1416-61-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1416-60-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1416-62-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1416-63-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download