146e6319be1d5232df22fe3911f3d447ed69a4db820971723ccd39f4ef868a27

Analysis

max time kernel
27s
max time network
30s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
20/12/2022, 09:44

Target

file.exe
Size

8.0MB
MD5

4c97bff6c6e80a0d5af1c558832c48cc
SHA1

cc2aad2afd63c3bea2ebd7c745346105bd79c863
SHA256

146e6319be1d5232df22fe3911f3d447ed69a4db820971723ccd39f4ef868a27
SHA512

1523fb45ad116638adf7bc1f99f83eab1944bb4f15c964ba0a8216b935114c472f7845f6935d4371506e48d44dfd2b6028b5d282a72f009f153d6fce8c432ae1
SSDEEP

98304:hTCdbfDZzWfI4gd+Bl59vkwjpwKNjtbMj/oKMZVaLzp:lYr1uI4gd+T3d5bqhpx

Score

8^/10

upx

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/960-57-0x0000000000400000-0x0000000000470000-memory.dmp	upx
behavioral1/memory/960-59-0x0000000000400000-0x0000000000470000-memory.dmp	upx
behavioral1/memory/960-60-0x0000000000400000-0x0000000000470000-memory.dmp	upx
behavioral1/memory/960-63-0x0000000000400000-0x0000000000470000-memory.dmp	upx
behavioral1/memory/960-64-0x0000000000400000-0x0000000000470000-memory.dmp	upx
behavioral1/memory/960-65-0x0000000000400000-0x0000000000470000-memory.dmp	upx

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1280 set thread context of 960	1280	file.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1280 wrote to memory of 960	1280	file.exe	28
PID 1280 wrote to memory of 960	1280	file.exe	28
PID 1280 wrote to memory of 960	1280	file.exe	28
PID 1280 wrote to memory of 960	1280	file.exe	28
PID 1280 wrote to memory of 960	1280	file.exe	28
PID 1280 wrote to memory of 960	1280	file.exe	28
PID 1280 wrote to memory of 960	1280	file.exe	28
PID 1280 wrote to memory of 960	1280	file.exe	28
PID 1280 wrote to memory of 960	1280	file.exe	28
PID 1280 wrote to memory of 960	1280	file.exe	28
PID 1280 wrote to memory of 960	1280	file.exe	28

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1280
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
  2⤵
  PID:960

memory/960-56-0x0000000000400000-0x0000000000470000-memory.dmp

Filesize
448KB

Download
memory/960-57-0x0000000000400000-0x0000000000470000-memory.dmp

Filesize
448KB

Download
memory/960-59-0x0000000000400000-0x0000000000470000-memory.dmp

Filesize
448KB

Download
memory/960-60-0x0000000000400000-0x0000000000470000-memory.dmp

Filesize
448KB

Download
memory/960-63-0x0000000000400000-0x0000000000470000-memory.dmp

Filesize
448KB

Download
memory/960-64-0x0000000000400000-0x0000000000470000-memory.dmp

Filesize
448KB

Download
memory/960-65-0x0000000000400000-0x0000000000470000-memory.dmp

Filesize
448KB

Download
memory/1280-54-0x0000000001040000-0x0000000001848000-memory.dmp

Filesize
8.0MB

Download
memory/1280-55-0x000000001BCA0000-0x000000001BFC2000-memory.dmp

Filesize
3.1MB

Download