52b55fe3ee5a4df417f80c76dbda55564d4ceb8828c90a0fb721bb3656356eac

Analysis

max time kernel
151s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06-12-2022 10:13

Target

52b55fe3ee5a4df417f80c76dbda55564d4ceb8828c90a0fb721bb3656356eac.exe
Size

137KB
MD5

3c81d097a143e87ae0d9b4b6ee9946b1
SHA1

3770fff277b0bc53ee33192001dd09dfd0b05328
SHA256

52b55fe3ee5a4df417f80c76dbda55564d4ceb8828c90a0fb721bb3656356eac
SHA512

4c0842433861c181ce05db5079c3938b17e69e569f29085cac0bed6ad0b4fbf1a887dd526a63cac5a9533739b2c83cfd8e7cd3ed48a84b7e8b749397204aa2d5
SSDEEP

3072:3Vm4myoxbwn+fM2F9LmJirrCzvPwPUD7/1:3Vm3y8ws7FFmvzn5DZ

Score

8^/10

upx

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/900-139-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/900-138-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/900-134-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/900-140-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/900-141-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
900	52b55fe3ee5a4df417f80c76dbda55564d4ceb8828c90a0fb721bb3656356eac.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5108 wrote to memory of 900	5108	52b55fe3ee5a4df417f80c76dbda55564d4ceb8828c90a0fb721bb3656356eac.exe	80
PID 5108 wrote to memory of 900	5108	52b55fe3ee5a4df417f80c76dbda55564d4ceb8828c90a0fb721bb3656356eac.exe	80
PID 5108 wrote to memory of 900	5108	52b55fe3ee5a4df417f80c76dbda55564d4ceb8828c90a0fb721bb3656356eac.exe	80

C:\Users\Admin\AppData\Local\Temp\52b55fe3ee5a4df417f80c76dbda55564d4ceb8828c90a0fb721bb3656356eac.exe
"C:\Users\Admin\AppData\Local\Temp\52b55fe3ee5a4df417f80c76dbda55564d4ceb8828c90a0fb721bb3656356eac.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5108
- C:\Users\Admin\AppData\Local\Temp\52b55fe3ee5a4df417f80c76dbda55564d4ceb8828c90a0fb721bb3656356eac.exe
  ?
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  PID:900

memory/900-132-0x0000000000000000-mapping.dmp

Download
memory/900-139-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/900-138-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/900-136-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/900-134-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/900-140-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/900-141-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/5108-133-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download