40ff5cbb8b6ed99a817daf7b50db7b0eb3c9b17be7f8fa43100f6a1c9f8d7367

Analysis

max time kernel
40s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 10:33

Target

40ff5cbb8b6ed99a817daf7b50db7b0eb3c9b17be7f8fa43100f6a1c9f8d7367.exe
Size

130KB
MD5

adadbaee903559c26e29c414bf690eb3
SHA1

a949b8e6c847ac06f3408427a1260bf335d99171
SHA256

40ff5cbb8b6ed99a817daf7b50db7b0eb3c9b17be7f8fa43100f6a1c9f8d7367
SHA512

8b0cfafa23c1c03ae3c08a69cd5be70335e6d18d1a5acb2eb4ec6d32fefca6f09984fddd7b60bbe7361bd9ead355cfe8c4e1b9ee3ae0082ca030fb3d90bbf656
SSDEEP

3072:TTG1QgUxYShGtfYa0iW3CbOqjsXb8eVdXW0/v:TTG1H+YShGtfAiW3Cwn

Score

8^/10

upx

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/884-58-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/884-61-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/884-62-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/884-64-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/884-65-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
884	40ff5cbb8b6ed99a817daf7b50db7b0eb3c9b17be7f8fa43100f6a1c9f8d7367.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1812 wrote to memory of 884	1812	40ff5cbb8b6ed99a817daf7b50db7b0eb3c9b17be7f8fa43100f6a1c9f8d7367.exe	28
PID 1812 wrote to memory of 884	1812	40ff5cbb8b6ed99a817daf7b50db7b0eb3c9b17be7f8fa43100f6a1c9f8d7367.exe	28
PID 1812 wrote to memory of 884	1812	40ff5cbb8b6ed99a817daf7b50db7b0eb3c9b17be7f8fa43100f6a1c9f8d7367.exe	28
PID 1812 wrote to memory of 884	1812	40ff5cbb8b6ed99a817daf7b50db7b0eb3c9b17be7f8fa43100f6a1c9f8d7367.exe	28

C:\Users\Admin\AppData\Local\Temp\40ff5cbb8b6ed99a817daf7b50db7b0eb3c9b17be7f8fa43100f6a1c9f8d7367.exe
"C:\Users\Admin\AppData\Local\Temp\40ff5cbb8b6ed99a817daf7b50db7b0eb3c9b17be7f8fa43100f6a1c9f8d7367.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1812
- C:\Users\Admin\AppData\Local\Temp\40ff5cbb8b6ed99a817daf7b50db7b0eb3c9b17be7f8fa43100f6a1c9f8d7367.exe
  ?
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  PID:884

memory/884-58-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/884-61-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/884-62-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/884-63-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/884-64-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/884-65-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1812-54-0x0000000076411000-0x0000000076413000-memory.dmp

Filesize
8KB

Download
memory/1812-56-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download