75f08cc158895e0eed8323762a9486f5be55aa45a849b1264ed040ff300d1437

Analysis

max time kernel
140s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2023 20:30

Target

3b514156f8a463bdb48904efaf11b157.exe
Size

79KB
MD5

3b514156f8a463bdb48904efaf11b157
SHA1

ffbcd473e9efe1ba5bdd71e2a4e7b4c1bddea257
SHA256

75f08cc158895e0eed8323762a9486f5be55aa45a849b1264ed040ff300d1437
SHA512

3bfde8d272d6a4bf2954dd0963e35438327bd334e577913b804d896b969391c9d31db1985151a4a73fceac5e287f10facf6eebc3d542c6f631b3bcfb59590617
SSDEEP

1536:L0hikR66gXGmamiZVWqtyx69S5rUsYzvpsTgSaC0wnehQqlGMjzDGMrSKIhoBcBo:L0h16Qmamiuq8lrgzBsReeA3zrZFCQp

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2732-0-0x0000000000400000-0x000000000041A429-memory.dmp	upx
behavioral2/memory/2732-6-0x0000000000400000-0x000000000041A429-memory.dmp	upx

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2732 set thread context of 208	2732	3b514156f8a463bdb48904efaf11b157.exe	88

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2732	3b514156f8a463bdb48904efaf11b157.exe

Suspicious use of WriteProcessMemory 13 IoCs

description	pid	Process	procid_target
PID 2732 wrote to memory of 208	2732	3b514156f8a463bdb48904efaf11b157.exe	88
PID 2732 wrote to memory of 208	2732	3b514156f8a463bdb48904efaf11b157.exe	88
PID 2732 wrote to memory of 208	2732	3b514156f8a463bdb48904efaf11b157.exe	88
PID 2732 wrote to memory of 208	2732	3b514156f8a463bdb48904efaf11b157.exe	88
PID 2732 wrote to memory of 208	2732	3b514156f8a463bdb48904efaf11b157.exe	88
PID 2732 wrote to memory of 208	2732	3b514156f8a463bdb48904efaf11b157.exe	88
PID 2732 wrote to memory of 208	2732	3b514156f8a463bdb48904efaf11b157.exe	88
PID 208 wrote to memory of 3596	208	3b514156f8a463bdb48904efaf11b157.exe	47
PID 208 wrote to memory of 3596	208	3b514156f8a463bdb48904efaf11b157.exe	47
PID 208 wrote to memory of 3596	208	3b514156f8a463bdb48904efaf11b157.exe	47
PID 208 wrote to memory of 3596	208	3b514156f8a463bdb48904efaf11b157.exe	47
PID 208 wrote to memory of 3596	208	3b514156f8a463bdb48904efaf11b157.exe	47
PID 208 wrote to memory of 3596	208	3b514156f8a463bdb48904efaf11b157.exe	47

memory/208-5-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/208-3-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/208-8-0x0000000010000000-0x0000000010011000-memory.dmp

Filesize
68KB

Download
memory/208-7-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/208-16-0x0000000010000000-0x0000000010011000-memory.dmp

Filesize
68KB

Download
memory/2732-0-0x0000000000400000-0x000000000041A429-memory.dmp

Filesize
105KB

Download
memory/2732-6-0x0000000000400000-0x000000000041A429-memory.dmp

Filesize
105KB

Download
memory/3596-10-0x000000007FFF0000-0x000000007FFF1000-memory.dmp

Filesize
4KB

Download
memory/3596-12-0x000000007FFC0000-0x000000007FFC6000-memory.dmp

Filesize
24KB

Download