c95502a3b85d51eb15881dd97c80d6a37cbc26ff290876b37695bafd5e8a1987

Analysis

max time kernel
105s
max time network
27s
platform
windows7_x64
resource
win7-20231025-en
resource tags

arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
submitted
25-11-2023 17:09

Target

NFOReader.exe
Size

146KB
MD5

fedfe40c96156fe034779a5a94495713
SHA1

36a524bf5a34403971dc76fe51ff2488b8389053
SHA256

373edb1f279daee26251a3ed59578611d67d2728539bf5f93896eda1bdeb3f26
SHA512

42de790ea783483c99c1337938bd8de1e3e4750f14d716afcb05e989a869fc47790f73cd065aca7ac9ab5a3032a6e8d6965d08a29ed26cbc37cd707ee02b54b2
SSDEEP

1536:4pdGUhopLJh1NZ+isIAFDwvKVnOGXxxa4XJJJJJHPXN3GlNeK1e:cdG1x+isIAFDfnOQxxaoJJJJJu

Score

7^/10

upx

UPX packed file 12 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral5/memory/1212-0-0x0000000000400000-0x00000000004D8000-memory.dmp	upx
behavioral5/memory/1212-1-0x0000000000400000-0x00000000004D8000-memory.dmp	upx
behavioral5/memory/1212-2-0x0000000000400000-0x00000000004D8000-memory.dmp	upx
behavioral5/memory/1212-3-0x0000000000400000-0x00000000004D8000-memory.dmp	upx
behavioral5/memory/1212-4-0x0000000000400000-0x00000000004D8000-memory.dmp	upx
behavioral5/memory/1212-5-0x0000000000400000-0x00000000004D8000-memory.dmp	upx
behavioral5/memory/1212-6-0x0000000000400000-0x00000000004D8000-memory.dmp	upx
behavioral5/memory/1212-7-0x0000000000400000-0x00000000004D8000-memory.dmp	upx
behavioral5/memory/1212-8-0x0000000000400000-0x00000000004D8000-memory.dmp	upx
behavioral5/memory/1212-9-0x0000000000400000-0x00000000004D8000-memory.dmp	upx
behavioral5/memory/1212-10-0x0000000000400000-0x00000000004D8000-memory.dmp	upx
behavioral5/memory/1212-11-0x0000000000400000-0x00000000004D8000-memory.dmp	upx

Suspicious use of FindShellTrayWindow 26 IoCs

C:\Users\Admin\AppData\Local\Temp\NFOReader.exe
"C:\Users\Admin\AppData\Local\Temp\NFOReader.exe"
1⤵
- Suspicious use of FindShellTrayWindow
PID:1212

memory/1212-0-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/1212-1-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/1212-2-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/1212-3-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/1212-4-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/1212-5-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/1212-6-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/1212-7-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/1212-8-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/1212-9-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/1212-10-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/1212-11-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download