7a6ac8d9506aff13637909cc2d9fe71ee51ffd30dfad17ec30edd7229b0edf23

Analysis

max time kernel
154s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 09:29

Target

7a6ac8d9506aff13637909cc2d9fe71ee51ffd30dfad17ec30edd7229b0edf23.exe
Size

130KB
MD5

cbaad39e1fcdd077ecc278e06e42666e
SHA1

7ac4f9a0b1074bf4323edd124ab097828d24ad88
SHA256

7a6ac8d9506aff13637909cc2d9fe71ee51ffd30dfad17ec30edd7229b0edf23
SHA512

afcf78ffb5dc60e0c4e0bce48d43ea84394ac9108958bce120736b224e81f717be6ef366b5d829c6b891f74e1187d221fdd8a52e426fde63e2c07f43cee25fbd
SSDEEP

1536:C5zuOBT8Ydsem1QnO8+EiFMZ6wHy1S0fs587cy4NT5G00CnbOBIjAlBA4b8eKi8o:oTG1QgA1F0odyMoCbOqjsXb8eTdUDa/j

Score

8^/10

upx

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4724-133-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/4724-136-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/4724-138-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/4724-139-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/4724-141-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4772 wrote to memory of 4724	4772	7a6ac8d9506aff13637909cc2d9fe71ee51ffd30dfad17ec30edd7229b0edf23.exe	80
PID 4772 wrote to memory of 4724	4772	7a6ac8d9506aff13637909cc2d9fe71ee51ffd30dfad17ec30edd7229b0edf23.exe	80
PID 4772 wrote to memory of 4724	4772	7a6ac8d9506aff13637909cc2d9fe71ee51ffd30dfad17ec30edd7229b0edf23.exe	80

C:\Users\Admin\AppData\Local\Temp\7a6ac8d9506aff13637909cc2d9fe71ee51ffd30dfad17ec30edd7229b0edf23.exe
"C:\Users\Admin\AppData\Local\Temp\7a6ac8d9506aff13637909cc2d9fe71ee51ffd30dfad17ec30edd7229b0edf23.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4772
- C:\Users\Admin\AppData\Local\Temp\7a6ac8d9506aff13637909cc2d9fe71ee51ffd30dfad17ec30edd7229b0edf23.exe
  ?
  2⤵
  PID:4724

memory/4724-133-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/4724-136-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/4724-138-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/4724-139-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/4724-140-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/4724-141-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/4772-137-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download