b20a895b80c7baa313051d1a3801ba051c6bf40f55d45f28a19e882aaf863de1

Analysis

max time kernel
72s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 08:32

Target

b20a895b80c7baa313051d1a3801ba051c6bf40f55d45f28a19e882aaf863de1.exe
Size

141KB
MD5

6e8741b250a6607d8b1753685f596609
SHA1

8db7ccf6f6f6200ad6663822c2ef0140e0f4532a
SHA256

b20a895b80c7baa313051d1a3801ba051c6bf40f55d45f28a19e882aaf863de1
SHA512

6beb5d689323516dd823e91bb9c4c98daf7cef1e80cb3bd1e051663cabe91c281319fd411ac706a301ac07e5abc20829f6b4bde4b98feac269b888b98d704530
SSDEEP

3072:qQpX3xjLo1r1h1SdmhmvtWyfz7FvvL4rnc0wEy/z:X5k1r1hE0mFWyV2c/Ea

Score

8^/10

upx

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2224-134-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/2224-137-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/2224-138-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/2224-140-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/2224-141-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 880 wrote to memory of 2224	880	b20a895b80c7baa313051d1a3801ba051c6bf40f55d45f28a19e882aaf863de1.exe	79
PID 880 wrote to memory of 2224	880	b20a895b80c7baa313051d1a3801ba051c6bf40f55d45f28a19e882aaf863de1.exe	79
PID 880 wrote to memory of 2224	880	b20a895b80c7baa313051d1a3801ba051c6bf40f55d45f28a19e882aaf863de1.exe	79

C:\Users\Admin\AppData\Local\Temp\b20a895b80c7baa313051d1a3801ba051c6bf40f55d45f28a19e882aaf863de1.exe
"C:\Users\Admin\AppData\Local\Temp\b20a895b80c7baa313051d1a3801ba051c6bf40f55d45f28a19e882aaf863de1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:880
- C:\Users\Admin\AppData\Local\Temp\b20a895b80c7baa313051d1a3801ba051c6bf40f55d45f28a19e882aaf863de1.exe
  ?
  2⤵
  PID:2224

memory/880-133-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2224-134-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/2224-137-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/2224-138-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/2224-139-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2224-140-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/2224-141-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download