54b214a6598d22b313c7fb8e2946e99c40c445948146f4324ea3dc16319635c3

Analysis

max time kernel
148s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 10:11

Target

54b214a6598d22b313c7fb8e2946e99c40c445948146f4324ea3dc16319635c3.exe
Size

137KB
MD5

21a53a22038b3d9392b2342995edec1d
SHA1

a9db50fd5fa28f19291046cfb0417c1c55dd7e30
SHA256

54b214a6598d22b313c7fb8e2946e99c40c445948146f4324ea3dc16319635c3
SHA512

176480b6c4e6ac9ba74d51aad775b0aead845e17dd1fb32766ca72a5276acba35cbeef112575709e747f9c09ed022798d337f698a21cd6cee5efe346b9aba10a
SSDEEP

3072:GVU2hb66Cf8WmC2u2F9LmJirrCzvPwoUD7L/y:GVU2wVmC21FFmvznsD7G

Score

8^/10

upx

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2220-134-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/2220-137-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/2220-138-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/2220-140-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/2220-141-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4056 wrote to memory of 2220	4056	54b214a6598d22b313c7fb8e2946e99c40c445948146f4324ea3dc16319635c3.exe	79
PID 4056 wrote to memory of 2220	4056	54b214a6598d22b313c7fb8e2946e99c40c445948146f4324ea3dc16319635c3.exe	79
PID 4056 wrote to memory of 2220	4056	54b214a6598d22b313c7fb8e2946e99c40c445948146f4324ea3dc16319635c3.exe	79

C:\Users\Admin\AppData\Local\Temp\54b214a6598d22b313c7fb8e2946e99c40c445948146f4324ea3dc16319635c3.exe
"C:\Users\Admin\AppData\Local\Temp\54b214a6598d22b313c7fb8e2946e99c40c445948146f4324ea3dc16319635c3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4056
- C:\Users\Admin\AppData\Local\Temp\54b214a6598d22b313c7fb8e2946e99c40c445948146f4324ea3dc16319635c3.exe
  ?
  2⤵
  PID:2220

memory/2220-134-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/2220-137-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/2220-138-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/2220-139-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2220-140-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/2220-141-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/4056-133-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download