20c28e1f863ef8fa51971004daf4ea0ed9a9c638a668c60ac50d99d072162281

Analysis

max time kernel
20s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 11:06

Target

20c28e1f863ef8fa51971004daf4ea0ed9a9c638a668c60ac50d99d072162281.exe
Size

132KB
MD5

68839918b90a4b3b0556efebcbfe99db
SHA1

279d23ef0c392c1b29d3fad4096497452cc0c6f6
SHA256

20c28e1f863ef8fa51971004daf4ea0ed9a9c638a668c60ac50d99d072162281
SHA512

f394f202e75b837782213b234704ac447332b6fcbbb019a7be199d65daff194a14e9f09bd75514de06d464e3018c7e51694cc7c163b87469afd310d998a08cb1
SSDEEP

3072:3O3jOi+iCjHKZGE9zwNIheb5HTuHl2gaL7DKONgc4/p96QINGXW0/B:epCjH8dJS5TSOzW

Score

8^/10

upx

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1932-57-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/1932-61-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/1932-60-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/1932-63-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1644 wrote to memory of 1932	1644	20c28e1f863ef8fa51971004daf4ea0ed9a9c638a668c60ac50d99d072162281.exe	28
PID 1644 wrote to memory of 1932	1644	20c28e1f863ef8fa51971004daf4ea0ed9a9c638a668c60ac50d99d072162281.exe	28
PID 1644 wrote to memory of 1932	1644	20c28e1f863ef8fa51971004daf4ea0ed9a9c638a668c60ac50d99d072162281.exe	28
PID 1644 wrote to memory of 1932	1644	20c28e1f863ef8fa51971004daf4ea0ed9a9c638a668c60ac50d99d072162281.exe	28

C:\Users\Admin\AppData\Local\Temp\20c28e1f863ef8fa51971004daf4ea0ed9a9c638a668c60ac50d99d072162281.exe
"C:\Users\Admin\AppData\Local\Temp\20c28e1f863ef8fa51971004daf4ea0ed9a9c638a668c60ac50d99d072162281.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1644
- C:\Users\Admin\AppData\Local\Temp\20c28e1f863ef8fa51971004daf4ea0ed9a9c638a668c60ac50d99d072162281.exe
  ?
  2⤵
  PID:1932

memory/1644-55-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/1932-56-0x0000000075FB1000-0x0000000075FB3000-memory.dmp

Filesize
8KB

Download
memory/1932-57-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1932-61-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1932-60-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1932-62-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/1932-63-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download