aab8a4895964759fdd448f3719590f2737ff9b5683208bc178475a3d0b037b9f

Analysis

max time kernel
137s
max time network
206s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
06-12-2022 08:39

Target

aab8a4895964759fdd448f3719590f2737ff9b5683208bc178475a3d0b037b9f.exe
Size

133KB
MD5

0835b39e137b4beef6716db68cadc3d7
SHA1

6d8f26d73a4ab480211546a29c6d03ba4d9a79b4
SHA256

aab8a4895964759fdd448f3719590f2737ff9b5683208bc178475a3d0b037b9f
SHA512

4ac52c09c41aaa26c50ea2a30cc2e88adb23ce800d81feb86493e1552ebba1ed17f7e287afeab1f2158047b95611bcdce2ceabc99154a07836674843ba4c64bd
SSDEEP

3072:4V3podE0vk6hvzp5CRk4ZifphYSoA0GbhbhiZqiUDN/I:Wek6hrpT4YDY5A0GbviZq/De

Score

8^/10

upx

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4200-135-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/4200-139-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/4200-138-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/4200-141-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4548 wrote to memory of 4200	4548	aab8a4895964759fdd448f3719590f2737ff9b5683208bc178475a3d0b037b9f.exe	82
PID 4548 wrote to memory of 4200	4548	aab8a4895964759fdd448f3719590f2737ff9b5683208bc178475a3d0b037b9f.exe	82
PID 4548 wrote to memory of 4200	4548	aab8a4895964759fdd448f3719590f2737ff9b5683208bc178475a3d0b037b9f.exe	82

C:\Users\Admin\AppData\Local\Temp\aab8a4895964759fdd448f3719590f2737ff9b5683208bc178475a3d0b037b9f.exe
"C:\Users\Admin\AppData\Local\Temp\aab8a4895964759fdd448f3719590f2737ff9b5683208bc178475a3d0b037b9f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4548
- C:\Users\Admin\AppData\Local\Temp\aab8a4895964759fdd448f3719590f2737ff9b5683208bc178475a3d0b037b9f.exe
  ?
  2⤵
  PID:4200

memory/4200-132-0x0000000000000000-mapping.dmp

Download
memory/4200-134-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4200-135-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/4200-139-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/4200-138-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/4200-140-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4200-141-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/4548-133-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download