4657dadb9bc14184a3763c17682b2aefaa62a2c5d7fd035dcabada8e3f542560

Analysis

max time kernel
150s
max time network
183s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06-12-2022 10:27

Target

4657dadb9bc14184a3763c17682b2aefaa62a2c5d7fd035dcabada8e3f542560.exe
Size

130KB
MD5

217c819b7d72b177e8194b5ea0a0598f
SHA1

756ab2885f121ac42488549be3ea29c6b48d6bef
SHA256

4657dadb9bc14184a3763c17682b2aefaa62a2c5d7fd035dcabada8e3f542560
SHA512

a864a5904fdfff7f0a60984b30a95eb43c34e5c817e6c76f5dd4e29d4acf272ee6783b8db933ef5f7808462b8598ea28a2c38ecd07a6087a1b5a3b50b83ae450
SSDEEP

3072:3TG1QgryT4Yvw7Hj0V7ig4dUdCbOqjsXb8eidUD0/3:3TG1HrQXwToR4cC7KDM

Score

8^/10

upx

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2040-133-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/2040-137-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/2040-138-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/2040-139-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/2040-141-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2040	4657dadb9bc14184a3763c17682b2aefaa62a2c5d7fd035dcabada8e3f542560.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1168 wrote to memory of 2040	1168	4657dadb9bc14184a3763c17682b2aefaa62a2c5d7fd035dcabada8e3f542560.exe	78
PID 1168 wrote to memory of 2040	1168	4657dadb9bc14184a3763c17682b2aefaa62a2c5d7fd035dcabada8e3f542560.exe	78
PID 1168 wrote to memory of 2040	1168	4657dadb9bc14184a3763c17682b2aefaa62a2c5d7fd035dcabada8e3f542560.exe	78

C:\Users\Admin\AppData\Local\Temp\4657dadb9bc14184a3763c17682b2aefaa62a2c5d7fd035dcabada8e3f542560.exe
"C:\Users\Admin\AppData\Local\Temp\4657dadb9bc14184a3763c17682b2aefaa62a2c5d7fd035dcabada8e3f542560.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1168
- C:\Users\Admin\AppData\Local\Temp\4657dadb9bc14184a3763c17682b2aefaa62a2c5d7fd035dcabada8e3f542560.exe
  ?
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  PID:2040

memory/1168-135-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/2040-132-0x0000000000000000-mapping.dmp

Download
memory/2040-133-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/2040-137-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/2040-138-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/2040-139-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/2040-140-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/2040-141-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download