278153d802cd6ccd1b543f50c253a7d1811c7d72473bec658d7ce74c6a1e19a3

Analysis

max time kernel
91s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 10:59

Target

278153d802cd6ccd1b543f50c253a7d1811c7d72473bec658d7ce74c6a1e19a3.exe
Size

131KB
MD5

a58681c2dc7d89bc79f3718cc7f07c71
SHA1

3b10b472f7e241277b05b5bcd3e4309666fea54a
SHA256

278153d802cd6ccd1b543f50c253a7d1811c7d72473bec658d7ce74c6a1e19a3
SHA512

de92b3caeca3b6afb30300ce2f862e89206094ac0d7d0f3f8880af44ea7d747a811017d0e5e3edbb475f07f31abb4f872d57177b48c1b90ff36d05555ec33917
SSDEEP

3072:tV3polOxn0oe5CtORxoifphYSoA0GbhbhiM6qIWxA/R:bRjeEODY5A0GbviM6qG

Score

8^/10

upx

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4496-136-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/4496-139-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/4496-140-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/4496-141-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/4496-143-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4496	278153d802cd6ccd1b543f50c253a7d1811c7d72473bec658d7ce74c6a1e19a3.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3016 wrote to memory of 4496	3016	278153d802cd6ccd1b543f50c253a7d1811c7d72473bec658d7ce74c6a1e19a3.exe	80
PID 3016 wrote to memory of 4496	3016	278153d802cd6ccd1b543f50c253a7d1811c7d72473bec658d7ce74c6a1e19a3.exe	80
PID 3016 wrote to memory of 4496	3016	278153d802cd6ccd1b543f50c253a7d1811c7d72473bec658d7ce74c6a1e19a3.exe	80

C:\Users\Admin\AppData\Local\Temp\278153d802cd6ccd1b543f50c253a7d1811c7d72473bec658d7ce74c6a1e19a3.exe
"C:\Users\Admin\AppData\Local\Temp\278153d802cd6ccd1b543f50c253a7d1811c7d72473bec658d7ce74c6a1e19a3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3016
- C:\Users\Admin\AppData\Local\Temp\278153d802cd6ccd1b543f50c253a7d1811c7d72473bec658d7ce74c6a1e19a3.exe
  ?
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  PID:4496

memory/3016-132-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3016-134-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4496-135-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4496-136-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/4496-139-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/4496-140-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/4496-141-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/4496-142-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4496-143-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download