4ec873a684f03cbd75058b02097ecc8d7e1faa35c72931b7f560da0804852928

Analysis

max time kernel
84s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
26/08/2023, 23:28

Target

4ec873a684f03cbd75058b02097ecc8d7e1faa35c72931b7f560da0804852928.exe
Size

821KB
MD5

011c64755aa058b64d1fe94cd3548aea
SHA1

beef900a9370f42ea276773087a3090edf96b21a
SHA256

4ec873a684f03cbd75058b02097ecc8d7e1faa35c72931b7f560da0804852928
SHA512

7d31e7831ec69ead2440a2e700c54db18d7796e6a66c908e1d446c5e6c9e9b7274676a27a7b98bda5bc4003dd9445b75a862fec4f0175902280dd78123a05c61
SSDEEP

12288:fDEFFejatUXhtjaY021sy9WqPahaVKvIliuRyKQi6B3HN:fDEFF6wKh5aY0qsyUqyhzI0uRyKQi6ht

Score

7^/10

upx

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/716-1-0x0000000010000000-0x0000000010018000-memory.dmp	upx
behavioral2/memory/716-0-0x0000000010000000-0x0000000010018000-memory.dmp	upx
behavioral2/memory/716-2-0x0000000010000000-0x0000000010018000-memory.dmp	upx

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	716	4ec873a684f03cbd75058b02097ecc8d7e1faa35c72931b7f560da0804852928.exe
Token: SeDebugPrivilege	716	4ec873a684f03cbd75058b02097ecc8d7e1faa35c72931b7f560da0804852928.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
716	4ec873a684f03cbd75058b02097ecc8d7e1faa35c72931b7f560da0804852928.exe
716	4ec873a684f03cbd75058b02097ecc8d7e1faa35c72931b7f560da0804852928.exe

memory/716-1-0x0000000010000000-0x0000000010018000-memory.dmp

Filesize
96KB

Download
memory/716-0-0x0000000010000000-0x0000000010018000-memory.dmp

Filesize
96KB

Download
memory/716-2-0x0000000010000000-0x0000000010018000-memory.dmp

Filesize
96KB

Download