208606442ff0d0508a0fa74cc9dc96c3a6648f9937f7202c2a01cd749dbe1727

Analysis

max time kernel
41s
max time network
60s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 11:07

Target

208606442ff0d0508a0fa74cc9dc96c3a6648f9937f7202c2a01cd749dbe1727.exe
Size

130KB
MD5

03f0640e54a69e084f99f0d0cd6957b5
SHA1

46c1a6e775c92e037714f6eab55bce6c17faab63
SHA256

208606442ff0d0508a0fa74cc9dc96c3a6648f9937f7202c2a01cd749dbe1727
SHA512

5aae09161bc39b85bd938dc238a328de1a26c0a236008b86299cf3f5b362b3de341502ae9bc766be70d3faf902aa6b132d9ea9a64a2d7d7f51c5b1945603357d
SSDEEP

3072:uTG1QgrXgoeQP8NrAt3CbOqjsXb8eUdXWs/g:uTG1HMxi8RAt3CBE

Score

8^/10

upx

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/732-58-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/732-61-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/732-62-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/732-64-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1200 wrote to memory of 732	1200	208606442ff0d0508a0fa74cc9dc96c3a6648f9937f7202c2a01cd749dbe1727.exe	27
PID 1200 wrote to memory of 732	1200	208606442ff0d0508a0fa74cc9dc96c3a6648f9937f7202c2a01cd749dbe1727.exe	27
PID 1200 wrote to memory of 732	1200	208606442ff0d0508a0fa74cc9dc96c3a6648f9937f7202c2a01cd749dbe1727.exe	27
PID 1200 wrote to memory of 732	1200	208606442ff0d0508a0fa74cc9dc96c3a6648f9937f7202c2a01cd749dbe1727.exe	27

C:\Users\Admin\AppData\Local\Temp\208606442ff0d0508a0fa74cc9dc96c3a6648f9937f7202c2a01cd749dbe1727.exe
"C:\Users\Admin\AppData\Local\Temp\208606442ff0d0508a0fa74cc9dc96c3a6648f9937f7202c2a01cd749dbe1727.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1200
- C:\Users\Admin\AppData\Local\Temp\208606442ff0d0508a0fa74cc9dc96c3a6648f9937f7202c2a01cd749dbe1727.exe
  ?
  2⤵
  PID:732

memory/732-58-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/732-61-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/732-62-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/732-63-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/732-64-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1200-54-0x0000000075091000-0x0000000075093000-memory.dmp

Filesize
8KB

Download
memory/1200-56-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download