190b084c4f0c07ce8b07d1039d43886d7756db2df562fdde26407c8aecd5ff08

Analysis

max time kernel
172s
max time network
194s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 11:15

Target

190b084c4f0c07ce8b07d1039d43886d7756db2df562fdde26407c8aecd5ff08.exe
Size

133KB
MD5

c44ee49129f1d5e368f267c28d6238d3
SHA1

79faff98da1d33fdae9e86fd083a9b8b1243fcc3
SHA256

190b084c4f0c07ce8b07d1039d43886d7756db2df562fdde26407c8aecd5ff08
SHA512

8b0b7def1ac66800ffb7c5c4034faefe163e5d4d55dbd920d2a0d5257e88f9f69beab1c1962d549805ddff2e6f89656b7ff7134bfbc06ad740d71c2df6febcc5
SSDEEP

3072:qV3poJ2zAAOoifphYSoA0GbhbhiVqiXWw/1:72spDY5A0GbviVqO

Score

8^/10

upx

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4568-134-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/4568-138-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/4568-137-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/4568-140-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/4568-141-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1132 wrote to memory of 4568	1132	190b084c4f0c07ce8b07d1039d43886d7756db2df562fdde26407c8aecd5ff08.exe	81
PID 1132 wrote to memory of 4568	1132	190b084c4f0c07ce8b07d1039d43886d7756db2df562fdde26407c8aecd5ff08.exe	81
PID 1132 wrote to memory of 4568	1132	190b084c4f0c07ce8b07d1039d43886d7756db2df562fdde26407c8aecd5ff08.exe	81

C:\Users\Admin\AppData\Local\Temp\190b084c4f0c07ce8b07d1039d43886d7756db2df562fdde26407c8aecd5ff08.exe
"C:\Users\Admin\AppData\Local\Temp\190b084c4f0c07ce8b07d1039d43886d7756db2df562fdde26407c8aecd5ff08.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1132
- C:\Users\Admin\AppData\Local\Temp\190b084c4f0c07ce8b07d1039d43886d7756db2df562fdde26407c8aecd5ff08.exe
  ?
  2⤵
  PID:4568

memory/1132-133-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4568-134-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/4568-138-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/4568-137-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/4568-139-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4568-140-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/4568-141-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download