207fd174081c9d0488c3f72c4fffbb4f111e1a5c4657af8bc88b3f6041a766ec

Analysis

max time kernel
45s
max time network
51s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
06-12-2022 11:07

Target

207fd174081c9d0488c3f72c4fffbb4f111e1a5c4657af8bc88b3f6041a766ec.exe
Size

140KB
MD5

d00a06e34335d7bdd3d2494e2fdc55ca
SHA1

bfb447facb9c73b6ab582727ec71c6ffd7d43400
SHA256

207fd174081c9d0488c3f72c4fffbb4f111e1a5c4657af8bc88b3f6041a766ec
SHA512

f611f4fadc76187ab7d5b0101e8423f4bf53f30d94246ba0862966eba34ae186cd98363c8d260fae509487d100d8ed1da6d4c782b2134a66faf5750025e605f2
SSDEEP

3072:oUFQ5bKmTv8SQZIYLWMxqlqcIXXhQj+WDRKc3BNlwwEs/6:oUik9SQ2YLnBXWj1wcdEh

Score

8^/10

upx

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1148-58-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/1148-62-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/1148-61-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/1148-64-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1148	207fd174081c9d0488c3f72c4fffbb4f111e1a5c4657af8bc88b3f6041a766ec.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1308 wrote to memory of 1148	1308	207fd174081c9d0488c3f72c4fffbb4f111e1a5c4657af8bc88b3f6041a766ec.exe	27
PID 1308 wrote to memory of 1148	1308	207fd174081c9d0488c3f72c4fffbb4f111e1a5c4657af8bc88b3f6041a766ec.exe	27
PID 1308 wrote to memory of 1148	1308	207fd174081c9d0488c3f72c4fffbb4f111e1a5c4657af8bc88b3f6041a766ec.exe	27
PID 1308 wrote to memory of 1148	1308	207fd174081c9d0488c3f72c4fffbb4f111e1a5c4657af8bc88b3f6041a766ec.exe	27

C:\Users\Admin\AppData\Local\Temp\207fd174081c9d0488c3f72c4fffbb4f111e1a5c4657af8bc88b3f6041a766ec.exe
"C:\Users\Admin\AppData\Local\Temp\207fd174081c9d0488c3f72c4fffbb4f111e1a5c4657af8bc88b3f6041a766ec.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1308
- C:\Users\Admin\AppData\Local\Temp\207fd174081c9d0488c3f72c4fffbb4f111e1a5c4657af8bc88b3f6041a766ec.exe
  ?
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  PID:1148

memory/1148-58-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1148-62-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1148-61-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1148-63-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1148-64-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1308-54-0x0000000074DA1000-0x0000000074DA3000-memory.dmp

Filesize
8KB

Download
memory/1308-56-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download