d35bb975ab4c97386d88943ffee2675c2e254248a27c94e3d2b2e27541424360

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 10:38

Target

d35bb975ab4c97386d88943ffee2675c2e254248a27c94e3d2b2e27541424360.exe
Size

715KB
MD5

843ca3004c6af82e9ac1e9bd447752b6
SHA1

fa8b83cdc8217dc1695ce5572cb869da88bf6322
SHA256

d35bb975ab4c97386d88943ffee2675c2e254248a27c94e3d2b2e27541424360
SHA512

93a6f8b127b19f9eca3d32f686fc995fdd8035a7ec35a8eedc82c17d4a690b1723c1b559495e5f6923ba17231c167c2816f6ecf0e6a8735cab7a938d31c43742
SSDEEP

3072:6j64KQFgttYDBb7Hi8FNaCN6o5G/z61aOdhErD86FOy+0qsLzNQDFzzX0UB4wBwD:dgboq9BJmmw+7hGzESc1LG5sGc9kwIW

Score

8^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1904-56-0x0000000000400000-0x00000000004B5000-memory.dmp	upx
behavioral1/memory/1904-60-0x0000000000400000-0x00000000004B5000-memory.dmp	upx

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1904 set thread context of 960	1904	d35bb975ab4c97386d88943ffee2675c2e254248a27c94e3d2b2e27541424360.exe	27

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1904	d35bb975ab4c97386d88943ffee2675c2e254248a27c94e3d2b2e27541424360.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1904 wrote to memory of 960	1904	d35bb975ab4c97386d88943ffee2675c2e254248a27c94e3d2b2e27541424360.exe	27
PID 1904 wrote to memory of 960	1904	d35bb975ab4c97386d88943ffee2675c2e254248a27c94e3d2b2e27541424360.exe	27
PID 1904 wrote to memory of 960	1904	d35bb975ab4c97386d88943ffee2675c2e254248a27c94e3d2b2e27541424360.exe	27
PID 1904 wrote to memory of 960	1904	d35bb975ab4c97386d88943ffee2675c2e254248a27c94e3d2b2e27541424360.exe	27
PID 1904 wrote to memory of 960	1904	d35bb975ab4c97386d88943ffee2675c2e254248a27c94e3d2b2e27541424360.exe	27
PID 1904 wrote to memory of 960	1904	d35bb975ab4c97386d88943ffee2675c2e254248a27c94e3d2b2e27541424360.exe	27
PID 1904 wrote to memory of 960	1904	d35bb975ab4c97386d88943ffee2675c2e254248a27c94e3d2b2e27541424360.exe	27
PID 1904 wrote to memory of 960	1904	d35bb975ab4c97386d88943ffee2675c2e254248a27c94e3d2b2e27541424360.exe	27

C:\Users\Admin\AppData\Local\Temp\d35bb975ab4c97386d88943ffee2675c2e254248a27c94e3d2b2e27541424360.exe
"C:\Users\Admin\AppData\Local\Temp\d35bb975ab4c97386d88943ffee2675c2e254248a27c94e3d2b2e27541424360.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1904
- C:\Users\Admin\AppData\Local\Temp\d35bb975ab4c97386d88943ffee2675c2e254248a27c94e3d2b2e27541424360.exe
  "C:\Users\Admin\AppData\Local\Temp\d35bb975ab4c97386d88943ffee2675c2e254248a27c94e3d2b2e27541424360.exe"
  2⤵
  PID:960

memory/960-57-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/960-61-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/960-62-0x0000000076871000-0x0000000076873000-memory.dmp

Filesize
8KB

Download
memory/960-63-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1904-56-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/1904-60-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download