5607fbb2d7752ea9bdeb3f2ad4fa4017907badcfe97143f647d959ca63fe5cbe

Analysis

max time kernel
141s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 09:02

Target

6201d5883bc354cb64ff189d4ed4c0e6.exe
Size

356KB
MD5

6201d5883bc354cb64ff189d4ed4c0e6
SHA1

65bdde4fb2fb2f5a0e9e38e831810f92a8648212
SHA256

5607fbb2d7752ea9bdeb3f2ad4fa4017907badcfe97143f647d959ca63fe5cbe
SHA512

1858628bb5f9f536e24696271c37c1aa9f0ec2c9027a994a0fd63320ba47f4bcbc041d22caa3f7173baf90f514ec5218fb53f0e927920d136ad974e0909910b9
SSDEEP

6144:sQw0WAtKvhICR0U6C6XxfmVD4VQlWHa+/qBDZ3+C/M73frSG8C1Ncys5:Bw0WAtKZPeRONlua+2Z3+tkCMZ

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2536-0-0x0000000000400000-0x00000000004DC000-memory.dmp	upx
behavioral1/memory/2536-2-0x0000000000400000-0x00000000004DC000-memory.dmp	upx

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2536	6201d5883bc354cb64ff189d4ed4c0e6.exe
2536	6201d5883bc354cb64ff189d4ed4c0e6.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
2536	6201d5883bc354cb64ff189d4ed4c0e6.exe
2536	6201d5883bc354cb64ff189d4ed4c0e6.exe

memory/2536-0-0x0000000000400000-0x00000000004DC000-memory.dmp

Filesize
880KB

Download
memory/2536-1-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2536-2-0x0000000000400000-0x00000000004DC000-memory.dmp

Filesize
880KB

Download
memory/2536-4-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download