48f906dab07e307eafcae857ef5aa5251f360e68f730df14a1d7d00fda964415

Analysis

max time kernel
189s
max time network
203s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 10:24

Target

48f906dab07e307eafcae857ef5aa5251f360e68f730df14a1d7d00fda964415.exe
Size

133KB
MD5

1b5ce1af4b0e67b85795549367d761dd
SHA1

92e1d3a768408875b37f67e0299a043a5b47eaa1
SHA256

48f906dab07e307eafcae857ef5aa5251f360e68f730df14a1d7d00fda964415
SHA512

98e87968a3777c1c2d2b95b5cbac4874d15cade606a2640590e77b075f35f9ec2eaeeec08407608b8b81851719146e874e79b1a1ba526ed819cc10aa076e4a6b
SSDEEP

3072:iV3pokMvXnWEbjfu0rdzoifphYSoA0GbhbhiMqiXW5/VB:lvGcjz1DY5A0GbviMqXB

Score

8^/10

upx

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1936-134-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/1936-137-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/1936-138-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/1936-140-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/1936-141-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1936	48f906dab07e307eafcae857ef5aa5251f360e68f730df14a1d7d00fda964415.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 628 wrote to memory of 1936	628	48f906dab07e307eafcae857ef5aa5251f360e68f730df14a1d7d00fda964415.exe	80
PID 628 wrote to memory of 1936	628	48f906dab07e307eafcae857ef5aa5251f360e68f730df14a1d7d00fda964415.exe	80
PID 628 wrote to memory of 1936	628	48f906dab07e307eafcae857ef5aa5251f360e68f730df14a1d7d00fda964415.exe	80

C:\Users\Admin\AppData\Local\Temp\48f906dab07e307eafcae857ef5aa5251f360e68f730df14a1d7d00fda964415.exe
"C:\Users\Admin\AppData\Local\Temp\48f906dab07e307eafcae857ef5aa5251f360e68f730df14a1d7d00fda964415.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:628
- C:\Users\Admin\AppData\Local\Temp\48f906dab07e307eafcae857ef5aa5251f360e68f730df14a1d7d00fda964415.exe
  ?
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  PID:1936

memory/628-133-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1936-134-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1936-137-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1936-138-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1936-139-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1936-140-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1936-141-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download