b1c7febfa944b16c07fc8667c52ec540c3afbfec4afdc16d186bb8fcee449079

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 01:28

Target

495aa283d71b1083263a4e43e788067f.exe
Size

243KB
MD5

495aa283d71b1083263a4e43e788067f
SHA1

35139cb98f18728344c119b4e4d676f4cb40a5cf
SHA256

b1c7febfa944b16c07fc8667c52ec540c3afbfec4afdc16d186bb8fcee449079
SHA512

d1c7db95729261613748b3f3b0c007b5d0343827c1702dfe06467c7bb9c18977ec3560e336adc684eddd855b8f05087e82896e462bd45f93c2c89b94b949a405
SSDEEP

3072:JBSKK2coM3CCzwvrkJlP+aDkDvILW+0/9QS7OjNL3/3U+Dp6pZOHQL+o:uKW3CawI2B7Ot09KJL3s+Dp6qHg5

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2460-0-0x0000000000400000-0x0000000000468000-memory.dmp	upx
behavioral1/memory/2460-16-0x0000000000400000-0x0000000000468000-memory.dmp	upx

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2460 set thread context of 1704	2460	495aa283d71b1083263a4e43e788067f.exe	28

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2460 wrote to memory of 1704	2460	495aa283d71b1083263a4e43e788067f.exe	28
PID 2460 wrote to memory of 1704	2460	495aa283d71b1083263a4e43e788067f.exe	28
PID 2460 wrote to memory of 1704	2460	495aa283d71b1083263a4e43e788067f.exe	28
PID 2460 wrote to memory of 1704	2460	495aa283d71b1083263a4e43e788067f.exe	28
PID 2460 wrote to memory of 1704	2460	495aa283d71b1083263a4e43e788067f.exe	28
PID 2460 wrote to memory of 1704	2460	495aa283d71b1083263a4e43e788067f.exe	28
PID 2460 wrote to memory of 1704	2460	495aa283d71b1083263a4e43e788067f.exe	28
PID 2460 wrote to memory of 1704	2460	495aa283d71b1083263a4e43e788067f.exe	28
PID 2460 wrote to memory of 1704	2460	495aa283d71b1083263a4e43e788067f.exe	28

C:\Users\Admin\AppData\Local\Temp\495aa283d71b1083263a4e43e788067f.exe
"C:\Users\Admin\AppData\Local\Temp\495aa283d71b1083263a4e43e788067f.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2460
- C:\Users\Admin\AppData\Local\Temp\495aa283d71b1083263a4e43e788067f.exe
  C:\Users\Admin\AppData\Local\Temp\495aa283d71b1083263a4e43e788067f.exe
  2⤵
  PID:1704

memory/1704-9-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/1704-2-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/1704-5-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/1704-7-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/1704-11-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/1704-13-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/1704-17-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/1704-18-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/1704-20-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/2460-1-0x0000000000220000-0x0000000000238000-memory.dmp

Filesize
96KB

Download
memory/2460-3-0x0000000000340000-0x00000000003A8000-memory.dmp

Filesize
416KB

Download
memory/2460-0-0x0000000000400000-0x0000000000468000-memory.dmp

Filesize
416KB

Download
memory/2460-16-0x0000000000400000-0x0000000000468000-memory.dmp

Filesize
416KB

Download