a9df7583c9345066a7d812221a1d6e8708c17e24a63be881930b7e6bd5bef908

Analysis

max time kernel
191s
max time network
206s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 08:40

Target

a9df7583c9345066a7d812221a1d6e8708c17e24a63be881930b7e6bd5bef908.exe
Size

134KB
MD5

5668d867852620c56d1482461d8c6fb9
SHA1

9173a676350dbd4fdd7b264d1d6bf61eb91469b7
SHA256

a9df7583c9345066a7d812221a1d6e8708c17e24a63be881930b7e6bd5bef908
SHA512

abd3e8e3c3a51803f5b4d669f28021cef7f158f8532717582c6041c46d747e83aaf7c942af4bdae1b5cac6ce306223e2d35303af86b8ea04b091d386b89d9d92
SSDEEP

3072:B+y+YMtXhOnIOaR90ymkNPmkVMCZK+UDq/J:B+eGhOnIv9/mkNP6wyD8

Score

8^/10

upx

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4144-134-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/4144-137-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/4144-138-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/4144-139-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4144	a9df7583c9345066a7d812221a1d6e8708c17e24a63be881930b7e6bd5bef908.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3868 wrote to memory of 4144	3868	a9df7583c9345066a7d812221a1d6e8708c17e24a63be881930b7e6bd5bef908.exe	83
PID 3868 wrote to memory of 4144	3868	a9df7583c9345066a7d812221a1d6e8708c17e24a63be881930b7e6bd5bef908.exe	83
PID 3868 wrote to memory of 4144	3868	a9df7583c9345066a7d812221a1d6e8708c17e24a63be881930b7e6bd5bef908.exe	83

C:\Users\Admin\AppData\Local\Temp\a9df7583c9345066a7d812221a1d6e8708c17e24a63be881930b7e6bd5bef908.exe
"C:\Users\Admin\AppData\Local\Temp\a9df7583c9345066a7d812221a1d6e8708c17e24a63be881930b7e6bd5bef908.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3868
- C:\Users\Admin\AppData\Local\Temp\a9df7583c9345066a7d812221a1d6e8708c17e24a63be881930b7e6bd5bef908.exe
  ?
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  PID:4144

memory/3868-133-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/4144-134-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/4144-137-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/4144-138-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/4144-139-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/4144-140-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download