5251f43bbedb94877ba0b8abf0348ab46c0e2fd1135b1ee00fed466c4e3d3a5d

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 10:14

Target

5251f43bbedb94877ba0b8abf0348ab46c0e2fd1135b1ee00fed466c4e3d3a5d.exe
Size

133KB
MD5

c315b19878609606d06e7c167be89a65
SHA1

c5f7ff36496dc728a552b3a2503496fb1f52d12f
SHA256

5251f43bbedb94877ba0b8abf0348ab46c0e2fd1135b1ee00fed466c4e3d3a5d
SHA512

db92a6d127331ced90224e8bf0218a340983cf9fad7387b3d86eb91252f4f7a7d00c9322b7a24872f514c5ce073ecb27f8789663b5d9df40cb320c0f416b5862
SSDEEP

3072:TV3poy9n/4byB4pL8ifphYSoA0GbhbhiCqiUDS/c:TliyB4pLzDY5A0GbviCq/DN

Score

8^/10

upx

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1116-57-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/1116-60-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/1116-61-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/1116-63-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1116	5251f43bbedb94877ba0b8abf0348ab46c0e2fd1135b1ee00fed466c4e3d3a5d.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 1116	1948	5251f43bbedb94877ba0b8abf0348ab46c0e2fd1135b1ee00fed466c4e3d3a5d.exe	28
PID 1948 wrote to memory of 1116	1948	5251f43bbedb94877ba0b8abf0348ab46c0e2fd1135b1ee00fed466c4e3d3a5d.exe	28
PID 1948 wrote to memory of 1116	1948	5251f43bbedb94877ba0b8abf0348ab46c0e2fd1135b1ee00fed466c4e3d3a5d.exe	28
PID 1948 wrote to memory of 1116	1948	5251f43bbedb94877ba0b8abf0348ab46c0e2fd1135b1ee00fed466c4e3d3a5d.exe	28

C:\Users\Admin\AppData\Local\Temp\5251f43bbedb94877ba0b8abf0348ab46c0e2fd1135b1ee00fed466c4e3d3a5d.exe
"C:\Users\Admin\AppData\Local\Temp\5251f43bbedb94877ba0b8abf0348ab46c0e2fd1135b1ee00fed466c4e3d3a5d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1948
- C:\Users\Admin\AppData\Local\Temp\5251f43bbedb94877ba0b8abf0348ab46c0e2fd1135b1ee00fed466c4e3d3a5d.exe
  ?
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  PID:1116

memory/1116-56-0x0000000076031000-0x0000000076033000-memory.dmp

Filesize
8KB

Download
memory/1116-57-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1116-60-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1116-61-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1116-62-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1116-63-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1948-55-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download