2244d928ece885112ea95d5743cfd9d3f094794c7e1770fd77801cbf635fd1e9

Analysis

max time kernel
193s
max time network
213s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 11:05

Target

2244d928ece885112ea95d5743cfd9d3f094794c7e1770fd77801cbf635fd1e9.exe
Size

133KB
MD5

14ee44191b57133736c517ad8d10922a
SHA1

d0c013e5bc2184811c7931bfe2aa92c3d41a472c
SHA256

2244d928ece885112ea95d5743cfd9d3f094794c7e1770fd77801cbf635fd1e9
SHA512

16d49613fee719c48b8841657d98def70280daab9f1534cad2f22ee692232c0046ce4f5c1d1ffd4e5cd6856f46846784c0650a4c18b1c404ae9ba6d5fc736314
SSDEEP

3072:UV3podQNTptA1rRx9toifphYSoA0GbhbhiBqiXWB/z:FyTXgRndDY5A0GbviBql

Score

8^/10

upx

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4268-134-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/4268-138-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/4268-137-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/4268-140-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/4268-141-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4108 wrote to memory of 4268	4108	2244d928ece885112ea95d5743cfd9d3f094794c7e1770fd77801cbf635fd1e9.exe	83
PID 4108 wrote to memory of 4268	4108	2244d928ece885112ea95d5743cfd9d3f094794c7e1770fd77801cbf635fd1e9.exe	83
PID 4108 wrote to memory of 4268	4108	2244d928ece885112ea95d5743cfd9d3f094794c7e1770fd77801cbf635fd1e9.exe	83

C:\Users\Admin\AppData\Local\Temp\2244d928ece885112ea95d5743cfd9d3f094794c7e1770fd77801cbf635fd1e9.exe
"C:\Users\Admin\AppData\Local\Temp\2244d928ece885112ea95d5743cfd9d3f094794c7e1770fd77801cbf635fd1e9.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4108
- C:\Users\Admin\AppData\Local\Temp\2244d928ece885112ea95d5743cfd9d3f094794c7e1770fd77801cbf635fd1e9.exe
  ?
  2⤵
  PID:4268

memory/4108-133-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4268-134-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/4268-138-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/4268-137-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/4268-139-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4268-140-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/4268-141-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download