04aea9aba6fd6970c611e41803888e192299dcdfdd9ba70ceaab6071e4aa0cd4

Analysis

max time kernel
149s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2023, 08:35

Target

04aea9aba6fd6970c611e41803888e192299dcdfdd9ba70ceaab6071e4aa0cd4.exe
Size

768KB
MD5

9f48d96c63f1074249f2b80662e8f2da
SHA1

fc5317bd2193050154452418ef81fc2758249983
SHA256

04aea9aba6fd6970c611e41803888e192299dcdfdd9ba70ceaab6071e4aa0cd4
SHA512

fd8f3cfac5116b481b596394bb30fb7afcd27844eec16415291d9aede3ac25d22de813f39c2563b78694f83cfc1a3f99c8f8ea5d9ce79a12b00b6f7be8e5cf8a
SSDEEP

12288:RmHTLo4HJRz6t4YFRFSD/d0x5P7dvFSdkHBHXHD2HHHI1HRHHWHHOxHXc6UDRnJR:RmZHPzg4WFq/Sv7dvMdkHBHXHD2HHHIQ

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/5056-1-0x0000000002370000-0x000000000237B000-memory.dmp	upx
behavioral2/memory/5056-2-0x0000000002370000-0x000000000237B000-memory.dmp	upx

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
5056	04aea9aba6fd6970c611e41803888e192299dcdfdd9ba70ceaab6071e4aa0cd4.exe
5056	04aea9aba6fd6970c611e41803888e192299dcdfdd9ba70ceaab6071e4aa0cd4.exe

C:\Users\Admin\AppData\Local\Temp\04aea9aba6fd6970c611e41803888e192299dcdfdd9ba70ceaab6071e4aa0cd4.exe
"C:\Users\Admin\AppData\Local\Temp\04aea9aba6fd6970c611e41803888e192299dcdfdd9ba70ceaab6071e4aa0cd4.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:5056

memory/5056-1-0x0000000002370000-0x000000000237B000-memory.dmp

Filesize
44KB

Download
memory/5056-2-0x0000000002370000-0x000000000237B000-memory.dmp

Filesize
44KB

Download