90aa1f19e2be88b456117a2c01a86f9eceaa2e0c31a647fdb3c238ee3b869ccb

Analysis

max time kernel
143s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
08-10-2023 08:12

Target

90aa1f19e2be88b456117a2c01a86f9eceaa2e0c31a647fdb3c238ee3b869ccb.exe
Size

14.1MB
MD5

b6563955675f54900fb1e76a5682f88b
SHA1

d87198a1ff60cab0f4fec6b4cb32558f0c096707
SHA256

90aa1f19e2be88b456117a2c01a86f9eceaa2e0c31a647fdb3c238ee3b869ccb
SHA512

8debc876ccd31dc38de9d369f4db40c2e04f30cc297af9fa16043d988a726af3a14ae09ae4a492a41c87befd3751c32f833a92f8b3985c197695602951dc2be0
SSDEEP

49152:Koq+hVZEYRYybJLOqmu3sgYy1daUEWsDVA3BB:LhVOYRYybVGu3shy1daHJpM

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3648-1-0x0000000010000000-0x0000000010018000-memory.dmp	upx
behavioral2/memory/3648-5-0x0000000010000000-0x0000000010018000-memory.dmp	upx

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3648	90aa1f19e2be88b456117a2c01a86f9eceaa2e0c31a647fdb3c238ee3b869ccb.exe
3648	90aa1f19e2be88b456117a2c01a86f9eceaa2e0c31a647fdb3c238ee3b869ccb.exe
3648	90aa1f19e2be88b456117a2c01a86f9eceaa2e0c31a647fdb3c238ee3b869ccb.exe

C:\Users\Admin\AppData\Local\Temp\90aa1f19e2be88b456117a2c01a86f9eceaa2e0c31a647fdb3c238ee3b869ccb.exe
"C:\Users\Admin\AppData\Local\Temp\90aa1f19e2be88b456117a2c01a86f9eceaa2e0c31a647fdb3c238ee3b869ccb.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:3648

memory/3648-1-0x0000000010000000-0x0000000010018000-memory.dmp

Filesize
96KB

Download
memory/3648-3-0x0000000077610000-0x0000000077700000-memory.dmp

Filesize
960KB

Download
memory/3648-4-0x0000000077610000-0x0000000077700000-memory.dmp

Filesize
960KB

Download
memory/3648-5-0x0000000010000000-0x0000000010018000-memory.dmp

Filesize
96KB

Download
memory/3648-6-0x0000000077610000-0x0000000077700000-memory.dmp

Filesize
960KB

Download