464f810c653cd7726d1555b21e155c412a77bd5ea6e6f81a48b5403532642ce4

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 07:35

Target

5cdd71da80346c329c309845633e54e1.exe
Size

129KB
MD5

5cdd71da80346c329c309845633e54e1
SHA1

0e641767bc6d77300fdc6abc00f22ff76b8fc945
SHA256

464f810c653cd7726d1555b21e155c412a77bd5ea6e6f81a48b5403532642ce4
SHA512

af9525525eb0ebb2f25d7c63afd551e5d8fce674a6edb58ca235ee8aeaa4181a69a2cbd42b837b3abb7433590b3f40379510dc8216d34751855d26fb4dfbc253
SSDEEP

3072:KlbFONL/fuQ//IwC29zrLphZTkR81ISXoL5QpmFX7WYRYtPao77bocc4:+BE7WwC29phZ8pR5XOhao84

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2320-0-0x0000000000400000-0x0000000000415000-memory.dmp	upx
behavioral1/memory/2320-6-0x0000000000400000-0x0000000000415000-memory.dmp	upx

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2320 set thread context of 1872	2320	5cdd71da80346c329c309845633e54e1.exe	21

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2320	5cdd71da80346c329c309845633e54e1.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2320 wrote to memory of 1872	2320	5cdd71da80346c329c309845633e54e1.exe	21
PID 2320 wrote to memory of 1872	2320	5cdd71da80346c329c309845633e54e1.exe	21
PID 2320 wrote to memory of 1872	2320	5cdd71da80346c329c309845633e54e1.exe	21
PID 2320 wrote to memory of 1872	2320	5cdd71da80346c329c309845633e54e1.exe	21
PID 2320 wrote to memory of 1872	2320	5cdd71da80346c329c309845633e54e1.exe	21
PID 2320 wrote to memory of 1872	2320	5cdd71da80346c329c309845633e54e1.exe	21
PID 2320 wrote to memory of 1872	2320	5cdd71da80346c329c309845633e54e1.exe	21
PID 2320 wrote to memory of 1872	2320	5cdd71da80346c329c309845633e54e1.exe	21
PID 2320 wrote to memory of 1872	2320	5cdd71da80346c329c309845633e54e1.exe	21

C:\Users\Admin\AppData\Local\Temp\5cdd71da80346c329c309845633e54e1.exe
"C:\Users\Admin\AppData\Local\Temp\5cdd71da80346c329c309845633e54e1.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Users\Admin\AppData\Local\Temp\5cdd71da80346c329c309845633e54e1.exe
  C:\Users\Admin\AppData\Local\Temp\5cdd71da80346c329c309845633e54e1.exe
  2⤵
  PID:1872

memory/1872-3-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1872-7-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1872-9-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1872-8-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2320-0-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/2320-4-0x0000000000300000-0x0000000000315000-memory.dmp

Filesize
84KB

Download
memory/2320-6-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download