219addeefbb125b496c4c7d6f405726df47069235e163a4037cac35f8ec4b5b3

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 11:06

Target

219addeefbb125b496c4c7d6f405726df47069235e163a4037cac35f8ec4b5b3.exe
Size

136KB
MD5

90ac7599231c4410eb422fa06b119a79
SHA1

18bd361e9acc188a9759bb6d5c59a8d9a58f5642
SHA256

219addeefbb125b496c4c7d6f405726df47069235e163a4037cac35f8ec4b5b3
SHA512

8d162444dc4e3970882a2af4ba4e1c1eb55e20e6109930f4340eadb04a36d468f12f68c2b4f8eff7bb682625b76a5c81580ef9bea0107aaa044170cfaf6fa9b4
SSDEEP

3072:tTG1QgWShjQ3G6B7W2CbOqjsXb8e+I0JhOUvwrhUN9P1/y:tTG1HWIjcx/CvlDY

Score

8^/10

upx

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1772-58-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/1772-61-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/1772-62-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/1772-64-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1772	219addeefbb125b496c4c7d6f405726df47069235e163a4037cac35f8ec4b5b3.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1584 wrote to memory of 1772	1584	219addeefbb125b496c4c7d6f405726df47069235e163a4037cac35f8ec4b5b3.exe	26
PID 1584 wrote to memory of 1772	1584	219addeefbb125b496c4c7d6f405726df47069235e163a4037cac35f8ec4b5b3.exe	26
PID 1584 wrote to memory of 1772	1584	219addeefbb125b496c4c7d6f405726df47069235e163a4037cac35f8ec4b5b3.exe	26
PID 1584 wrote to memory of 1772	1584	219addeefbb125b496c4c7d6f405726df47069235e163a4037cac35f8ec4b5b3.exe	26

C:\Users\Admin\AppData\Local\Temp\219addeefbb125b496c4c7d6f405726df47069235e163a4037cac35f8ec4b5b3.exe
"C:\Users\Admin\AppData\Local\Temp\219addeefbb125b496c4c7d6f405726df47069235e163a4037cac35f8ec4b5b3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1584
- C:\Users\Admin\AppData\Local\Temp\219addeefbb125b496c4c7d6f405726df47069235e163a4037cac35f8ec4b5b3.exe
  ?
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  PID:1772

memory/1584-54-0x0000000074BB1000-0x0000000074BB3000-memory.dmp

Filesize
8KB

Download
memory/1584-56-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/1772-58-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1772-61-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1772-62-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1772-63-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/1772-64-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download