b1c7febfa944b16c07fc8667c52ec540c3afbfec4afdc16d186bb8fcee449079

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26-12-2023 01:28

Target

495aa283d71b1083263a4e43e788067f.exe
Size

243KB
MD5

495aa283d71b1083263a4e43e788067f
SHA1

35139cb98f18728344c119b4e4d676f4cb40a5cf
SHA256

b1c7febfa944b16c07fc8667c52ec540c3afbfec4afdc16d186bb8fcee449079
SHA512

d1c7db95729261613748b3f3b0c007b5d0343827c1702dfe06467c7bb9c18977ec3560e336adc684eddd855b8f05087e82896e462bd45f93c2c89b94b949a405
SSDEEP

3072:JBSKK2coM3CCzwvrkJlP+aDkDvILW+0/9QS7OjNL3/3U+Dp6pZOHQL+o:uKW3CawI2B7Ot09KJL3s+Dp6qHg5

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3596-0-0x0000000000400000-0x0000000000468000-memory.dmp	upx
behavioral2/memory/3596-5-0x0000000000400000-0x0000000000468000-memory.dmp	upx

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3596 set thread context of 4420	3596	495aa283d71b1083263a4e43e788067f.exe	93

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 3596 wrote to memory of 4420	3596	495aa283d71b1083263a4e43e788067f.exe	93
PID 3596 wrote to memory of 4420	3596	495aa283d71b1083263a4e43e788067f.exe	93
PID 3596 wrote to memory of 4420	3596	495aa283d71b1083263a4e43e788067f.exe	93
PID 3596 wrote to memory of 4420	3596	495aa283d71b1083263a4e43e788067f.exe	93
PID 3596 wrote to memory of 4420	3596	495aa283d71b1083263a4e43e788067f.exe	93
PID 3596 wrote to memory of 4420	3596	495aa283d71b1083263a4e43e788067f.exe	93
PID 3596 wrote to memory of 4420	3596	495aa283d71b1083263a4e43e788067f.exe	93
PID 3596 wrote to memory of 4420	3596	495aa283d71b1083263a4e43e788067f.exe	93

C:\Users\Admin\AppData\Local\Temp\495aa283d71b1083263a4e43e788067f.exe
"C:\Users\Admin\AppData\Local\Temp\495aa283d71b1083263a4e43e788067f.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3596
- C:\Users\Admin\AppData\Local\Temp\495aa283d71b1083263a4e43e788067f.exe
  C:\Users\Admin\AppData\Local\Temp\495aa283d71b1083263a4e43e788067f.exe
  2⤵
  PID:4420

memory/3596-0-0x0000000000400000-0x0000000000468000-memory.dmp

Filesize
416KB

Download
memory/3596-1-0x0000000000A10000-0x0000000000A28000-memory.dmp

Filesize
96KB

Download
memory/3596-5-0x0000000000400000-0x0000000000468000-memory.dmp

Filesize
416KB

Download
memory/4420-6-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/4420-9-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/4420-8-0x0000000000430000-0x00000000004F9000-memory.dmp

Filesize
804KB

Download
memory/4420-7-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/4420-2-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download