b097ed632f075da65f97cfdf8a504553fd9b4758077d3d36bcfd1649cd902cb8

Analysis

max time kernel
76s
max time network
32s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
11/06/2023, 13:20

Target

flappy-bird_release.exe
Size

1.4MB
MD5

b3d3982e3dfda360bb93aa924860712f
SHA1

dd6bfbc5d14591601034fa3d1d210da401b5030d
SHA256

b097ed632f075da65f97cfdf8a504553fd9b4758077d3d36bcfd1649cd902cb8
SHA512

98672478aa15f341770a3b3f7478f719a49d42661dc6995ba23b7ac064ccb8482d526643684e05c75b0f5c362f14e9f5dbc5a34e88d6a80132a2032789792fc7
SSDEEP

24576:vs4jj+WT7BEU93pbkHyfFxs2vxpsAXgTan3etmCrU5mv7Bobi38:v4Y7Bppu2ZiAwS7CoI

Score

7^/10

upx

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1584-56-0x0000000010000000-0x0000000010092000-memory.dmp	upx
behavioral1/memory/1584-61-0x00000000001F0000-0x0000000000207000-memory.dmp	upx
behavioral1/memory/1584-63-0x0000000010000000-0x0000000010092000-memory.dmp	upx
behavioral1/memory/1584-65-0x0000000010000000-0x0000000010092000-memory.dmp	upx
behavioral1/memory/1584-66-0x00000000001F0000-0x0000000000207000-memory.dmp	upx

Suspicious use of NtSetInformationThreadHideFromDebugger 7 IoCs

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1584	flappy-bird_release.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1584 wrote to memory of 1664	1584	flappy-bird_release.exe	28
PID 1584 wrote to memory of 1664	1584	flappy-bird_release.exe	28
PID 1584 wrote to memory of 1664	1584	flappy-bird_release.exe	28
PID 1584 wrote to memory of 1664	1584	flappy-bird_release.exe	28

C:\Users\Admin\AppData\Local\Temp\flappy-bird_release.exe
"C:\Users\Admin\AppData\Local\Temp\flappy-bird_release.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1584
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1664

memory/1584-56-0x0000000010000000-0x0000000010092000-memory.dmp

Filesize
584KB

Download
memory/1584-61-0x00000000001F0000-0x0000000000207000-memory.dmp

Filesize
92KB

Download
memory/1584-63-0x0000000010000000-0x0000000010092000-memory.dmp

Filesize
584KB

Download
memory/1584-64-0x00000000010D0000-0x000000000155A000-memory.dmp

Filesize
4.5MB

Download
memory/1584-65-0x0000000010000000-0x0000000010092000-memory.dmp

Filesize
584KB

Download
memory/1584-66-0x00000000001F0000-0x0000000000207000-memory.dmp

Filesize
92KB

Download
memory/1584-67-0x00000000010D0000-0x000000000155A000-memory.dmp

Filesize
4.5MB

Download
memory/1584-70-0x00000000010D0000-0x000000000155A000-memory.dmp

Filesize
4.5MB

Download
memory/1584-71-0x00000000010D0000-0x000000000155A000-memory.dmp

Filesize
4.5MB

Download
memory/1584-74-0x00000000010D0000-0x000000000155A000-memory.dmp

Filesize
4.5MB

Download
memory/1584-77-0x00000000010D0000-0x000000000155A000-memory.dmp

Filesize
4.5MB

Download
memory/1584-80-0x00000000010D0000-0x000000000155A000-memory.dmp

Filesize
4.5MB

Download
memory/1584-83-0x00000000010D0000-0x000000000155A000-memory.dmp

Filesize
4.5MB

Download
memory/1584-86-0x00000000010D0000-0x000000000155A000-memory.dmp

Filesize
4.5MB

Download