23199eb470e5bc670ed6fe63a93869af3f2f8b74073eb7cb0d4d2f13ae91593f

Analysis

max time kernel
141s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 10:11

Target

6642127bc4da1ab3fcdb73e5d9e9c19e.exe
Size

156KB
MD5

6642127bc4da1ab3fcdb73e5d9e9c19e
SHA1

89d1b108427a349d5f491d213625736d91b34c47
SHA256

23199eb470e5bc670ed6fe63a93869af3f2f8b74073eb7cb0d4d2f13ae91593f
SHA512

04245224db32211d7232f91f176875e5358452d875bea03d9f555b36f9c89244a34c48f68e0b40fd8c063668eef466243ba6e5aa16b29c350e1282898493f864
SSDEEP

3072:DJq8kEP35Kk/UnWN2QmAvI5nhEbgxC7q3msfJHnwe:DIWPpbcQmqI5eiCs5fZnwe

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2492-4-0x0000000000400000-0x0000000000472000-memory.dmp	upx

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 836 set thread context of 2492	836	6642127bc4da1ab3fcdb73e5d9e9c19e.exe	28
PID 836 set thread context of 0	836	6642127bc4da1ab3fcdb73e5d9e9c19e.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2480	2492	WerFault.exe	28

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
836	6642127bc4da1ab3fcdb73e5d9e9c19e.exe

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 836 wrote to memory of 2492	836	6642127bc4da1ab3fcdb73e5d9e9c19e.exe	28
PID 836 wrote to memory of 2492	836	6642127bc4da1ab3fcdb73e5d9e9c19e.exe	28
PID 836 wrote to memory of 2492	836	6642127bc4da1ab3fcdb73e5d9e9c19e.exe	28
PID 836 wrote to memory of 2492	836	6642127bc4da1ab3fcdb73e5d9e9c19e.exe	28
PID 836 wrote to memory of 2492	836	6642127bc4da1ab3fcdb73e5d9e9c19e.exe	28
PID 836 wrote to memory of 2492	836	6642127bc4da1ab3fcdb73e5d9e9c19e.exe	28
PID 836 wrote to memory of 2492	836	6642127bc4da1ab3fcdb73e5d9e9c19e.exe	28
PID 836 wrote to memory of 2492	836	6642127bc4da1ab3fcdb73e5d9e9c19e.exe	28
PID 836 wrote to memory of 2492	836	6642127bc4da1ab3fcdb73e5d9e9c19e.exe	28
PID 836 wrote to memory of 0	836	6642127bc4da1ab3fcdb73e5d9e9c19e.exe
PID 836 wrote to memory of 0	836	6642127bc4da1ab3fcdb73e5d9e9c19e.exe
PID 836 wrote to memory of 0	836	6642127bc4da1ab3fcdb73e5d9e9c19e.exe
PID 836 wrote to memory of 0	836	6642127bc4da1ab3fcdb73e5d9e9c19e.exe
PID 836 wrote to memory of 0	836	6642127bc4da1ab3fcdb73e5d9e9c19e.exe
PID 2492 wrote to memory of 2480	2492	6642127bc4da1ab3fcdb73e5d9e9c19e.exe	29
PID 2492 wrote to memory of 2480	2492	6642127bc4da1ab3fcdb73e5d9e9c19e.exe	29
PID 2492 wrote to memory of 2480	2492	6642127bc4da1ab3fcdb73e5d9e9c19e.exe	29
PID 2492 wrote to memory of 2480	2492	6642127bc4da1ab3fcdb73e5d9e9c19e.exe	29

memory/836-0-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/836-1-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/836-6-0x0000000000450000-0x000000000049A000-memory.dmp

Filesize
296KB

Download
memory/836-7-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/2492-4-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download