562ad905d9c4ff7b9a1084645280150f5eff62eb50c04a4ea0c76882799b0ea5

Analysis

max time kernel
141s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 10:09

Target

562ad905d9c4ff7b9a1084645280150f5eff62eb50c04a4ea0c76882799b0ea5.exe
Size

130KB
MD5

2c810cc97d232001ff6c4f5fdab6d411
SHA1

097029c7ec0bf6fbc15e0e115b8e857e01dfd087
SHA256

562ad905d9c4ff7b9a1084645280150f5eff62eb50c04a4ea0c76882799b0ea5
SHA512

7c0b3bb87032b9d914e849fa6a354e53858db313ae71d55ef022bf4f0787c4a353a6a6d09a81848da7314d74738b8d308fcdbcf90299d395aec35ae147974257
SSDEEP

3072:3TG1Qgc504XIlEGokvOmCbOqjsXb8e0dUD5/+:3TG1HcKlPCdKDE

Score

8^/10

upx

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4404-139-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/4404-138-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/4404-135-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/4404-141-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/4404-142-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4404	562ad905d9c4ff7b9a1084645280150f5eff62eb50c04a4ea0c76882799b0ea5.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 4404	2220	562ad905d9c4ff7b9a1084645280150f5eff62eb50c04a4ea0c76882799b0ea5.exe	79
PID 2220 wrote to memory of 4404	2220	562ad905d9c4ff7b9a1084645280150f5eff62eb50c04a4ea0c76882799b0ea5.exe	79
PID 2220 wrote to memory of 4404	2220	562ad905d9c4ff7b9a1084645280150f5eff62eb50c04a4ea0c76882799b0ea5.exe	79

C:\Users\Admin\AppData\Local\Temp\562ad905d9c4ff7b9a1084645280150f5eff62eb50c04a4ea0c76882799b0ea5.exe
"C:\Users\Admin\AppData\Local\Temp\562ad905d9c4ff7b9a1084645280150f5eff62eb50c04a4ea0c76882799b0ea5.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Users\Admin\AppData\Local\Temp\562ad905d9c4ff7b9a1084645280150f5eff62eb50c04a4ea0c76882799b0ea5.exe
  ?
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  PID:4404

memory/2220-132-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/2220-133-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/4404-139-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/4404-138-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/4404-135-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/4404-140-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/4404-141-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/4404-142-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download