59cfb16300fb4d0f294a7022eb66b8d79c63a519713c7043e5ec22d4f459392f

Analysis

max time kernel
93s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 10:05

Target

59cfb16300fb4d0f294a7022eb66b8d79c63a519713c7043e5ec22d4f459392f.exe
Size

130KB
MD5

c8f6163ddc0d35d59a3a15c4ee7a1070
SHA1

dfd29a6722602fc7917cb30644d818550333b2b3
SHA256

59cfb16300fb4d0f294a7022eb66b8d79c63a519713c7043e5ec22d4f459392f
SHA512

d2fcf1905fe89be8168a3406e7b27b17264907da757c1b3043bd5ac5983aa1ec498beedd641d56e880f6f1013b9c0d1c8caa6ac9318a7f12167c5780bb1f61aa
SSDEEP

3072:7TG1QgLHEBkLRb6HiOuiCbOqjsXb8eGdUDF/N:7TG1HLMkVbwiOuiCbKDD

Score

8^/10

upx

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3020-134-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/3020-137-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/3020-138-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/3020-141-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/3020-142-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1508 wrote to memory of 3020	1508	59cfb16300fb4d0f294a7022eb66b8d79c63a519713c7043e5ec22d4f459392f.exe	80
PID 1508 wrote to memory of 3020	1508	59cfb16300fb4d0f294a7022eb66b8d79c63a519713c7043e5ec22d4f459392f.exe	80
PID 1508 wrote to memory of 3020	1508	59cfb16300fb4d0f294a7022eb66b8d79c63a519713c7043e5ec22d4f459392f.exe	80

C:\Users\Admin\AppData\Local\Temp\59cfb16300fb4d0f294a7022eb66b8d79c63a519713c7043e5ec22d4f459392f.exe
"C:\Users\Admin\AppData\Local\Temp\59cfb16300fb4d0f294a7022eb66b8d79c63a519713c7043e5ec22d4f459392f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1508
- C:\Users\Admin\AppData\Local\Temp\59cfb16300fb4d0f294a7022eb66b8d79c63a519713c7043e5ec22d4f459392f.exe
  ?
  2⤵
  PID:3020

memory/1508-132-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/1508-139-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/3020-134-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/3020-137-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/3020-138-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/3020-140-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/3020-141-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/3020-142-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download