0225040c0b8529b35983705c4be9b2aa65a852c86a0f77e191876bb7ae704853

Analysis

max time kernel
30s
max time network
33s
platform
windows7_x64
resource
win7-20230621-en
resource tags

arch:x64arch:x86image:win7-20230621-enlocale:en-usos:windows7-x64system
submitted
24-06-2023 18:20

Target

0225040c0b8529b35983705c4be9b2aa65a852c86a0f77e191876bb7ae704853.exe
Size

1.0MB
MD5

f7cc8eab4dd64391c581394b54abdb5b
SHA1

346989d689434e462d30ae1caa400b76bf4a8b78
SHA256

0225040c0b8529b35983705c4be9b2aa65a852c86a0f77e191876bb7ae704853
SHA512

f652196188ae212718bef23f339fa1ba2b9dc13e16765298d779e1de755a7c5ebfa152c5f6f691826cb19d6b39147dcb94a447aece03fe0c9182b4fed10ac474
SSDEEP

24576:oyeLi4j7G8f/pHPZdFajjVdVojzpTPDo:orL5G4KVdVojlT0

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral1/memory/1200-54-0x0000000010000000-0x000000001000B000-memory.dmp	upx
behavioral1/memory/1200-55-0x0000000010000000-0x000000001000B000-memory.dmp	upx

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

0225040c0b8529b35983705c4be9b2aa65a852c86a0f77e191876bb7ae704853.exe

pid process

1200 0225040c0b8529b35983705c4be9b2aa65a852c86a0f77e191876bb7ae704853.exe

pid	process
1200	0225040c0b8529b35983705c4be9b2aa65a852c86a0f77e191876bb7ae704853.exe

C:\Users\Admin\AppData\Local\Temp\0225040c0b8529b35983705c4be9b2aa65a852c86a0f77e191876bb7ae704853.exe
"C:\Users\Admin\AppData\Local\Temp\0225040c0b8529b35983705c4be9b2aa65a852c86a0f77e191876bb7ae704853.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1200

memory/1200-54-0x0000000010000000-0x000000001000B000-memory.dmp

Filesize
44KB

Download
memory/1200-55-0x0000000010000000-0x000000001000B000-memory.dmp

Filesize
44KB

Download