422e9c03eb823759ec487821c2147488d09bf39dfaeb08b6c0fd4cf69c176e8f

Analysis

max time kernel
306s
max time network
363s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
06-12-2022 10:32

Target

422e9c03eb823759ec487821c2147488d09bf39dfaeb08b6c0fd4cf69c176e8f.exe
Size

134KB
MD5

d356e8c4c3739db615922049f8b31771
SHA1

a9625ff536913f688c3317630765ad43d6a8b673
SHA256

422e9c03eb823759ec487821c2147488d09bf39dfaeb08b6c0fd4cf69c176e8f
SHA512

e8a333d2a8a9050056a33f96dd81368974a10255a4c3a435e399d6c94999820cb575b685ffe7d7a4f29bfc11ac2a010ca2f51a4c41fd6ee2eb05ac59b27110ab
SSDEEP

3072:D+yCJOQPkyqAIgO5aR90ymkNPmkVMCZf+UDP/s:D+XJOQP3qY9/mkNP6wzDs

Score

8^/10

upx

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2872-134-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/2872-137-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/2872-138-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/2872-140-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2872	422e9c03eb823759ec487821c2147488d09bf39dfaeb08b6c0fd4cf69c176e8f.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1296 wrote to memory of 2872	1296	422e9c03eb823759ec487821c2147488d09bf39dfaeb08b6c0fd4cf69c176e8f.exe	81
PID 1296 wrote to memory of 2872	1296	422e9c03eb823759ec487821c2147488d09bf39dfaeb08b6c0fd4cf69c176e8f.exe	81
PID 1296 wrote to memory of 2872	1296	422e9c03eb823759ec487821c2147488d09bf39dfaeb08b6c0fd4cf69c176e8f.exe	81

C:\Users\Admin\AppData\Local\Temp\422e9c03eb823759ec487821c2147488d09bf39dfaeb08b6c0fd4cf69c176e8f.exe
"C:\Users\Admin\AppData\Local\Temp\422e9c03eb823759ec487821c2147488d09bf39dfaeb08b6c0fd4cf69c176e8f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1296
- C:\Users\Admin\AppData\Local\Temp\422e9c03eb823759ec487821c2147488d09bf39dfaeb08b6c0fd4cf69c176e8f.exe
  ?
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  PID:2872

memory/1296-133-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/2872-134-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/2872-137-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/2872-138-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/2872-139-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/2872-140-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download