e16e08b3351383783a3dbd72f1bb847baaa8a0cab167c93c384ac723e57bf6b0

Analysis

max time kernel
70s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 10:07

Target

e16e08b3351383783a3dbd72f1bb847baaa8a0cab167c93c384ac723e57bf6b0.exe
Size

85KB
MD5

2e1a710f1ee6485d2c19a75e1982359a
SHA1

dbd7a0cd3a74a080c1366e66efcb367260210a90
SHA256

e16e08b3351383783a3dbd72f1bb847baaa8a0cab167c93c384ac723e57bf6b0
SHA512

e2221d9201311559c2ed877fd7eb6a98b1432f93ddd4baf76ddbcdace96b3757100e533a309e9fcf437dbcda9ddd1b3a8c0e3852a48905ccf00c09951ca2dad4
SSDEEP

1536:kIijj1hg7lGi1cMHRG8UlR/mMFzlJ2VP11pCXVTG0CqPUf63qQDNWJ52/rp:kfj47lGkcORlInNlEVDpgVG0Cq063FDT

Score

8^/10

upx

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2472-132-0x0000000000400000-0x0000000000415000-memory.dmp	upx
behavioral2/memory/4656-136-0x0000000001000000-0x000000000102A000-memory.dmp	upx
behavioral2/memory/4656-138-0x0000000001000000-0x000000000102A000-memory.dmp	upx
behavioral2/memory/2472-139-0x0000000000400000-0x0000000000415000-memory.dmp	upx
behavioral2/memory/4656-140-0x0000000001000000-0x000000000102A000-memory.dmp	upx
behavioral2/memory/4656-141-0x0000000001000000-0x000000000102A000-memory.dmp	upx
behavioral2/memory/4656-142-0x0000000001000000-0x000000000102A000-memory.dmp	upx

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2472 set thread context of 4656	2472	e16e08b3351383783a3dbd72f1bb847baaa8a0cab167c93c384ac723e57bf6b0.exe	80

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2472	e16e08b3351383783a3dbd72f1bb847baaa8a0cab167c93c384ac723e57bf6b0.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2472 wrote to memory of 4656	2472	e16e08b3351383783a3dbd72f1bb847baaa8a0cab167c93c384ac723e57bf6b0.exe	80
PID 2472 wrote to memory of 4656	2472	e16e08b3351383783a3dbd72f1bb847baaa8a0cab167c93c384ac723e57bf6b0.exe	80
PID 2472 wrote to memory of 4656	2472	e16e08b3351383783a3dbd72f1bb847baaa8a0cab167c93c384ac723e57bf6b0.exe	80
PID 2472 wrote to memory of 4656	2472	e16e08b3351383783a3dbd72f1bb847baaa8a0cab167c93c384ac723e57bf6b0.exe	80
PID 2472 wrote to memory of 4656	2472	e16e08b3351383783a3dbd72f1bb847baaa8a0cab167c93c384ac723e57bf6b0.exe	80
PID 2472 wrote to memory of 4656	2472	e16e08b3351383783a3dbd72f1bb847baaa8a0cab167c93c384ac723e57bf6b0.exe	80
PID 2472 wrote to memory of 4656	2472	e16e08b3351383783a3dbd72f1bb847baaa8a0cab167c93c384ac723e57bf6b0.exe	80
PID 2472 wrote to memory of 4656	2472	e16e08b3351383783a3dbd72f1bb847baaa8a0cab167c93c384ac723e57bf6b0.exe	80

C:\Users\Admin\AppData\Local\Temp\e16e08b3351383783a3dbd72f1bb847baaa8a0cab167c93c384ac723e57bf6b0.exe
"C:\Users\Admin\AppData\Local\Temp\e16e08b3351383783a3dbd72f1bb847baaa8a0cab167c93c384ac723e57bf6b0.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2472
- C:\Users\Admin\AppData\Local\Temp\e16e08b3351383783a3dbd72f1bb847baaa8a0cab167c93c384ac723e57bf6b0.exe
  "C:\Users\Admin\AppData\Local\Temp\e16e08b3351383783a3dbd72f1bb847baaa8a0cab167c93c384ac723e57bf6b0.exe"
  2⤵
  PID:4656

memory/2472-132-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/2472-139-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/4656-136-0x0000000001000000-0x000000000102A000-memory.dmp

Filesize
168KB

Download
memory/4656-138-0x0000000001000000-0x000000000102A000-memory.dmp

Filesize
168KB

Download
memory/4656-140-0x0000000001000000-0x000000000102A000-memory.dmp

Filesize
168KB

Download
memory/4656-141-0x0000000001000000-0x000000000102A000-memory.dmp

Filesize
168KB

Download
memory/4656-142-0x0000000001000000-0x000000000102A000-memory.dmp

Filesize
168KB

Download