11405b8ebe38cbfe41743bef6a8b3e5b2a51b2983956b70ecd493132464904b8

Analysis

max time kernel
144s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 08:14

Target

1157e9b29008bb7848d799d000c71f13.exe
Size

1.2MB
MD5

1157e9b29008bb7848d799d000c71f13
SHA1

c35613a53971fc674cf21494c623a831831dc155
SHA256

11405b8ebe38cbfe41743bef6a8b3e5b2a51b2983956b70ecd493132464904b8
SHA512

0ede93b9d99c2fff75649c26c0185fc51d5db5035c4c4b1888bf2832e459fa75d33b3da762df4f0f297906b3c1690a3d7370b9c9de9b540563c797a9d830c0e1
SSDEEP

24576:OW90qeLlptMk0HjAhyddXdztWyRz2lXmYS5MC//XYRmn0n7N2pUq+:OWteLlIPDAhyddtztbzsXmZMV/7N2pQ

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/3028-0-0x0000000000400000-0x000000000076E000-memory.dmp	upx
behavioral1/memory/3028-3-0x0000000000400000-0x000000000076E000-memory.dmp	upx

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
3028	1157e9b29008bb7848d799d000c71f13.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3028	1157e9b29008bb7848d799d000c71f13.exe

memory/3028-0-0x0000000000400000-0x000000000076E000-memory.dmp

Filesize
3.4MB

Download
memory/3028-1-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/3028-2-0x00000000037B0000-0x00000000037B1000-memory.dmp

Filesize
4KB

Download
memory/3028-3-0x0000000000400000-0x000000000076E000-memory.dmp

Filesize
3.4MB

Download
memory/3028-5-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/3028-6-0x00000000037B0000-0x00000000037B1000-memory.dmp

Filesize
4KB

Download