0286ad3906ac49a7518b4a7d07c024e342a9d2d5eb2fb69d9cc43db99e9bc430

Analysis

max time kernel
41s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
06-12-2022 11:39

Target

0286ad3906ac49a7518b4a7d07c024e342a9d2d5eb2fb69d9cc43db99e9bc430.exe
Size

133KB
MD5

872e7e56ef9f60be3767750198e2b0d4
SHA1

9e400a20ed3ba7dca3e73db80e86ec5b4bc3e440
SHA256

0286ad3906ac49a7518b4a7d07c024e342a9d2d5eb2fb69d9cc43db99e9bc430
SHA512

25ee25d4b4b253a1cfd48abdb8697d4b7ef6a9a902153ef9a3668f8c78ca8e36a11f223abc3ed92bf399a16410e2ec101810f4e9f86c9c43be9179e02256033f
SSDEEP

3072:8V3pokimEU/rEZohTcFBtlifphYSoA0GbhbhiUqiUDm/i:UitU/yohInaDY5A0GbviUq/Df

Score

8^/10

upx

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1616-57-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/1616-61-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/1616-60-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/1616-63-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1616	0286ad3906ac49a7518b4a7d07c024e342a9d2d5eb2fb69d9cc43db99e9bc430.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1532 wrote to memory of 1616	1532	0286ad3906ac49a7518b4a7d07c024e342a9d2d5eb2fb69d9cc43db99e9bc430.exe	28
PID 1532 wrote to memory of 1616	1532	0286ad3906ac49a7518b4a7d07c024e342a9d2d5eb2fb69d9cc43db99e9bc430.exe	28
PID 1532 wrote to memory of 1616	1532	0286ad3906ac49a7518b4a7d07c024e342a9d2d5eb2fb69d9cc43db99e9bc430.exe	28
PID 1532 wrote to memory of 1616	1532	0286ad3906ac49a7518b4a7d07c024e342a9d2d5eb2fb69d9cc43db99e9bc430.exe	28

C:\Users\Admin\AppData\Local\Temp\0286ad3906ac49a7518b4a7d07c024e342a9d2d5eb2fb69d9cc43db99e9bc430.exe
"C:\Users\Admin\AppData\Local\Temp\0286ad3906ac49a7518b4a7d07c024e342a9d2d5eb2fb69d9cc43db99e9bc430.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1532
- C:\Users\Admin\AppData\Local\Temp\0286ad3906ac49a7518b4a7d07c024e342a9d2d5eb2fb69d9cc43db99e9bc430.exe
  ?
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  PID:1616

memory/1532-55-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1616-57-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1616-56-0x0000000075C81000-0x0000000075C83000-memory.dmp

Filesize
8KB

Download
memory/1616-61-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1616-60-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1616-62-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1616-63-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download