37e4ca0b5ac642c0ee68f816d7fafaab2b6f912b0ea673749d2e347f03dc2743

Analysis

max time kernel
94s
max time network
91s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
06-12-2022 10:42

Target

37e4ca0b5ac642c0ee68f816d7fafaab2b6f912b0ea673749d2e347f03dc2743.exe
Size

133KB
MD5

7b6b198ecd1c707c8cde133d41394bd4
SHA1

0e3cc05045b5764da681ce589a1475f8ca7db4eb
SHA256

37e4ca0b5ac642c0ee68f816d7fafaab2b6f912b0ea673749d2e347f03dc2743
SHA512

220e5fd23cd44de83264b24cfc3cb508b5de4562372576ec4cce0b0aae7e2fea93c079a74bab57fe93cbde2310979358fcab973058af82d0611cef3bf2594e5b
SSDEEP

3072:G1BRrbB9mjD2BGzbHI+W5/LA2N5lOMU3zPXWl/L:mBRrt9meHJ8rMUA

Score

8^/10

upx

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/340-57-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/340-61-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/340-60-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/340-63-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1384 wrote to memory of 340	1384	37e4ca0b5ac642c0ee68f816d7fafaab2b6f912b0ea673749d2e347f03dc2743.exe	28
PID 1384 wrote to memory of 340	1384	37e4ca0b5ac642c0ee68f816d7fafaab2b6f912b0ea673749d2e347f03dc2743.exe	28
PID 1384 wrote to memory of 340	1384	37e4ca0b5ac642c0ee68f816d7fafaab2b6f912b0ea673749d2e347f03dc2743.exe	28
PID 1384 wrote to memory of 340	1384	37e4ca0b5ac642c0ee68f816d7fafaab2b6f912b0ea673749d2e347f03dc2743.exe	28

C:\Users\Admin\AppData\Local\Temp\37e4ca0b5ac642c0ee68f816d7fafaab2b6f912b0ea673749d2e347f03dc2743.exe
"C:\Users\Admin\AppData\Local\Temp\37e4ca0b5ac642c0ee68f816d7fafaab2b6f912b0ea673749d2e347f03dc2743.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1384
- C:\Users\Admin\AppData\Local\Temp\37e4ca0b5ac642c0ee68f816d7fafaab2b6f912b0ea673749d2e347f03dc2743.exe
  ?
  2⤵
  PID:340

memory/340-56-0x0000000074FD1000-0x0000000074FD3000-memory.dmp

Filesize
8KB

Download
memory/340-57-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/340-61-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/340-60-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/340-62-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/340-63-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1384-55-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download