6cd8eaae9de010d82cc60832c2de85092fb36d5e292bdf4083da75449bf7412f

Analysis

max time kernel
77s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 09:45

Target

6cd8eaae9de010d82cc60832c2de85092fb36d5e292bdf4083da75449bf7412f.exe
Size

130KB
MD5

ff24734d6a1289e8a3effe3373fef78e
SHA1

acb448cb247b4aab60f93031c85336eac9c121f2
SHA256

6cd8eaae9de010d82cc60832c2de85092fb36d5e292bdf4083da75449bf7412f
SHA512

9ea54d3b660e7c1fdff992be091432a666e036af3486c8d54bc3450a59622ee66c8b1888a1b728c256a7ebf454336a4b06b8dc369cdd11e74691d6ddfdd788a9
SSDEEP

3072:dTG1Qgas6BQ/sjeDMzlXQCbOqjsXb8eYdUDa/l:dTG1HazBQ/s6aXQCJKDs

Score

8^/10

upx

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3628-134-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/3628-137-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/3628-138-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/3628-140-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/3628-141-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1612 wrote to memory of 3628	1612	6cd8eaae9de010d82cc60832c2de85092fb36d5e292bdf4083da75449bf7412f.exe	82
PID 1612 wrote to memory of 3628	1612	6cd8eaae9de010d82cc60832c2de85092fb36d5e292bdf4083da75449bf7412f.exe	82
PID 1612 wrote to memory of 3628	1612	6cd8eaae9de010d82cc60832c2de85092fb36d5e292bdf4083da75449bf7412f.exe	82

C:\Users\Admin\AppData\Local\Temp\6cd8eaae9de010d82cc60832c2de85092fb36d5e292bdf4083da75449bf7412f.exe
"C:\Users\Admin\AppData\Local\Temp\6cd8eaae9de010d82cc60832c2de85092fb36d5e292bdf4083da75449bf7412f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1612
- C:\Users\Admin\AppData\Local\Temp\6cd8eaae9de010d82cc60832c2de85092fb36d5e292bdf4083da75449bf7412f.exe
  ?
  2⤵
  PID:3628

memory/1612-133-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/3628-134-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/3628-137-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/3628-138-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/3628-139-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/3628-140-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/3628-141-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download