705cb5ce046bb9f1f93f225a89e0142da500792666d937564ce2ae4ae248a270

Analysis

max time kernel
60s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 09:40

Target

705cb5ce046bb9f1f93f225a89e0142da500792666d937564ce2ae4ae248a270.exe
Size

137KB
MD5

38ef33cd2d38c8cdacfe924213fe8cd2
SHA1

e67c1e86c03d4304a795b1e6be2e6ede3c231394
SHA256

705cb5ce046bb9f1f93f225a89e0142da500792666d937564ce2ae4ae248a270
SHA512

a3bde1de6c65ebea80bdf0c3ac45a98a9f4574c5d5c108e0408052d6760ea9ec1bae83b97555494cf3591e7898fbd6b6fa1471f4dc1be87ebebf6abfa29c9895
SSDEEP

3072:YV2iw063+6IOpEaJ2F9LmJirrCzvPwHUDB/y:YVs0yEawFFmvzn9Dg

Score

8^/10

upx

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1584-135-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/1584-138-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/1584-139-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/1584-140-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/1584-142-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1584	705cb5ce046bb9f1f93f225a89e0142da500792666d937564ce2ae4ae248a270.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3540 wrote to memory of 1584	3540	705cb5ce046bb9f1f93f225a89e0142da500792666d937564ce2ae4ae248a270.exe	83
PID 3540 wrote to memory of 1584	3540	705cb5ce046bb9f1f93f225a89e0142da500792666d937564ce2ae4ae248a270.exe	83
PID 3540 wrote to memory of 1584	3540	705cb5ce046bb9f1f93f225a89e0142da500792666d937564ce2ae4ae248a270.exe	83

C:\Users\Admin\AppData\Local\Temp\705cb5ce046bb9f1f93f225a89e0142da500792666d937564ce2ae4ae248a270.exe
"C:\Users\Admin\AppData\Local\Temp\705cb5ce046bb9f1f93f225a89e0142da500792666d937564ce2ae4ae248a270.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3540
- C:\Users\Admin\AppData\Local\Temp\705cb5ce046bb9f1f93f225a89e0142da500792666d937564ce2ae4ae248a270.exe
  ?
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  PID:1584

memory/1584-134-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1584-135-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1584-138-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1584-139-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1584-140-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1584-141-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1584-142-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/3540-133-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download