611358c4f9c08e2894c1db4d4e128dca19e1ebd4c0789cec2b64925447ced058

Analysis

max time kernel
29s
max time network
49s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06-12-2022 09:58

Target

611358c4f9c08e2894c1db4d4e128dca19e1ebd4c0789cec2b64925447ced058.exe
Size

130KB
MD5

d2f688fec08ba06f29626c0a5821dde8
SHA1

ebc8e9260ffd6b3cfb02c8e9dc7c08eaf7229e3c
SHA256

611358c4f9c08e2894c1db4d4e128dca19e1ebd4c0789cec2b64925447ced058
SHA512

553e3d968933afec2c6186b31dccf7964c960ac9895340dd0aa3c318341af22298694c1e48a3207cc233aa503bfdf75f2aff9675c4db2b8beabdbb985fc5ef4c
SSDEEP

3072:mTG1QgCmb+7g1b2gb6uMCbOqjsXb8ewdUDg/w:mTG1HHwyagEClKD7

Score

8^/10

upx

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1072-58-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/1072-62-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/1072-61-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/1072-64-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 688 wrote to memory of 1072	688	611358c4f9c08e2894c1db4d4e128dca19e1ebd4c0789cec2b64925447ced058.exe	28
PID 688 wrote to memory of 1072	688	611358c4f9c08e2894c1db4d4e128dca19e1ebd4c0789cec2b64925447ced058.exe	28
PID 688 wrote to memory of 1072	688	611358c4f9c08e2894c1db4d4e128dca19e1ebd4c0789cec2b64925447ced058.exe	28
PID 688 wrote to memory of 1072	688	611358c4f9c08e2894c1db4d4e128dca19e1ebd4c0789cec2b64925447ced058.exe	28

C:\Users\Admin\AppData\Local\Temp\611358c4f9c08e2894c1db4d4e128dca19e1ebd4c0789cec2b64925447ced058.exe
"C:\Users\Admin\AppData\Local\Temp\611358c4f9c08e2894c1db4d4e128dca19e1ebd4c0789cec2b64925447ced058.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:688
- C:\Users\Admin\AppData\Local\Temp\611358c4f9c08e2894c1db4d4e128dca19e1ebd4c0789cec2b64925447ced058.exe
  ?
  2⤵
  PID:1072

memory/688-54-0x0000000076DC1000-0x0000000076DC3000-memory.dmp

Filesize
8KB

Download
memory/688-56-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/1072-55-0x0000000000000000-mapping.dmp

Download
memory/1072-58-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1072-62-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1072-61-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1072-63-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/1072-64-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download