7a6ac8d9506aff13637909cc2d9fe71ee51ffd30dfad17ec30edd7229b0edf23

Analysis

max time kernel
41s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06-12-2022 09:29

Target

7a6ac8d9506aff13637909cc2d9fe71ee51ffd30dfad17ec30edd7229b0edf23.exe
Size

130KB
MD5

cbaad39e1fcdd077ecc278e06e42666e
SHA1

7ac4f9a0b1074bf4323edd124ab097828d24ad88
SHA256

7a6ac8d9506aff13637909cc2d9fe71ee51ffd30dfad17ec30edd7229b0edf23
SHA512

afcf78ffb5dc60e0c4e0bce48d43ea84394ac9108958bce120736b224e81f717be6ef366b5d829c6b891f74e1187d221fdd8a52e426fde63e2c07f43cee25fbd
SSDEEP

1536:C5zuOBT8Ydsem1QnO8+EiFMZ6wHy1S0fs587cy4NT5G00CnbOBIjAlBA4b8eKi8o:oTG1QgA1F0odyMoCbOqjsXb8eTdUDa/j

Score

8^/10

upx

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1880-58-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/1880-62-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/1880-61-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/1880-64-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1672 wrote to memory of 1880	1672	7a6ac8d9506aff13637909cc2d9fe71ee51ffd30dfad17ec30edd7229b0edf23.exe	27
PID 1672 wrote to memory of 1880	1672	7a6ac8d9506aff13637909cc2d9fe71ee51ffd30dfad17ec30edd7229b0edf23.exe	27
PID 1672 wrote to memory of 1880	1672	7a6ac8d9506aff13637909cc2d9fe71ee51ffd30dfad17ec30edd7229b0edf23.exe	27
PID 1672 wrote to memory of 1880	1672	7a6ac8d9506aff13637909cc2d9fe71ee51ffd30dfad17ec30edd7229b0edf23.exe	27

C:\Users\Admin\AppData\Local\Temp\7a6ac8d9506aff13637909cc2d9fe71ee51ffd30dfad17ec30edd7229b0edf23.exe
"C:\Users\Admin\AppData\Local\Temp\7a6ac8d9506aff13637909cc2d9fe71ee51ffd30dfad17ec30edd7229b0edf23.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1672
- C:\Users\Admin\AppData\Local\Temp\7a6ac8d9506aff13637909cc2d9fe71ee51ffd30dfad17ec30edd7229b0edf23.exe
  ?
  2⤵
  PID:1880

memory/1672-54-0x0000000075201000-0x0000000075203000-memory.dmp

Filesize
8KB

Download
memory/1672-56-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/1880-55-0x0000000000000000-mapping.dmp

Download
memory/1880-58-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1880-62-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1880-61-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1880-63-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/1880-64-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download