dd1600bf3c73b1948662764a777d6289de4f4b8433f41064024959ffa1b068c4

Analysis

max time kernel
46s
max time network
51s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
06-12-2022 13:27

Target

dd1600bf3c73b1948662764a777d6289de4f4b8433f41064024959ffa1b068c4.exe
Size

26KB
MD5

5c86568ac35d8687fa502dc297ba2c89
SHA1

7793ad72a055fb87515e0b0fd06bfb0d880180dc
SHA256

dd1600bf3c73b1948662764a777d6289de4f4b8433f41064024959ffa1b068c4
SHA512

f97147c222f2a248936b0f179c429e02f05f39644a8a8b71491b016735c2ae39a4ed81cddb579f578125d101c0888fe778080095008a9daf8b7bedcd40304ef9
SSDEEP

768:fh88AXuTGJfLLgLLvxsLLc+QsFnrTKAnl:ftAeSJ4xXI6Al

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1308-59-0x0000000000400000-0x0000000000705000-memory.dmp	upx

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1308	dd1600bf3c73b1948662764a777d6289de4f4b8433f41064024959ffa1b068c4.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1308	dd1600bf3c73b1948662764a777d6289de4f4b8433f41064024959ffa1b068c4.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 1308 wrote to memory of 1212	1308	dd1600bf3c73b1948662764a777d6289de4f4b8433f41064024959ffa1b068c4.exe	13
PID 1308 wrote to memory of 1212	1308	dd1600bf3c73b1948662764a777d6289de4f4b8433f41064024959ffa1b068c4.exe	13

memory/1212-55-0x00000000077C0000-0x0000000007CC0000-memory.dmp

Filesize
5.0MB

Download
memory/1212-57-0x0000000004940000-0x0000000004A3F000-memory.dmp

Filesize
1020KB

Download
memory/1308-54-0x0000000074DA1000-0x0000000074DA3000-memory.dmp

Filesize
8KB

Download
memory/1308-59-0x0000000000400000-0x0000000000705000-memory.dmp

Filesize
3.0MB

Download