2c4ce2f647cbeb8f7daade6a95dd7e252e132fd48cfc5e84d868317b8ef65b93

Analysis

max time kernel
110s
max time network
199s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
06-12-2022 10:54

Target

2c4ce2f647cbeb8f7daade6a95dd7e252e132fd48cfc5e84d868317b8ef65b93.exe
Size

130KB
MD5

a5a95312d68d43b598452d87da4a9ea9
SHA1

ef03c6dbfbfe9a087aa7974d104679a708612d6f
SHA256

2c4ce2f647cbeb8f7daade6a95dd7e252e132fd48cfc5e84d868317b8ef65b93
SHA512

3b43f860f8fe1149e9a2889f837cd86c57775e3cac0cb2f5d07f6ba2435227a26ec45b79092976aec5e95f3472a6c8f0409f859271ee07942f9b7117e5d72011
SSDEEP

1536:CxzuOBT8Ydsem1QnO8+EiFs8jO+9WUh176X7AwdbKC1rG00CnbOBIjAlBA4b8eKy:wTG1QgXjBD6/IUuCbOqjsXb8ebdUDS/R

Score

8^/10

upx

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1344-58-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/1344-61-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/1344-62-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/1344-64-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1516 wrote to memory of 1344	1516	2c4ce2f647cbeb8f7daade6a95dd7e252e132fd48cfc5e84d868317b8ef65b93.exe	28
PID 1516 wrote to memory of 1344	1516	2c4ce2f647cbeb8f7daade6a95dd7e252e132fd48cfc5e84d868317b8ef65b93.exe	28
PID 1516 wrote to memory of 1344	1516	2c4ce2f647cbeb8f7daade6a95dd7e252e132fd48cfc5e84d868317b8ef65b93.exe	28
PID 1516 wrote to memory of 1344	1516	2c4ce2f647cbeb8f7daade6a95dd7e252e132fd48cfc5e84d868317b8ef65b93.exe	28

C:\Users\Admin\AppData\Local\Temp\2c4ce2f647cbeb8f7daade6a95dd7e252e132fd48cfc5e84d868317b8ef65b93.exe
"C:\Users\Admin\AppData\Local\Temp\2c4ce2f647cbeb8f7daade6a95dd7e252e132fd48cfc5e84d868317b8ef65b93.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1516
- C:\Users\Admin\AppData\Local\Temp\2c4ce2f647cbeb8f7daade6a95dd7e252e132fd48cfc5e84d868317b8ef65b93.exe
  ?
  2⤵
  PID:1344

memory/1344-58-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1344-61-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1344-62-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1344-63-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/1344-64-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1516-54-0x00000000757E1000-0x00000000757E3000-memory.dmp

Filesize
8KB

Download
memory/1516-56-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download