e9aeb194df375d91f63123e2e111dd303c1d7b03fc75b5bdfbad8a0d683a3c3b

Analysis

max time kernel
140s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
28/12/2023, 21:35

Target

f9c2c57f10002fd09b0b10230bfb3954.exe
Size

94KB
MD5

f9c2c57f10002fd09b0b10230bfb3954
SHA1

38e346542852999d3c3e5ffb1e5720ca3220330b
SHA256

e9aeb194df375d91f63123e2e111dd303c1d7b03fc75b5bdfbad8a0d683a3c3b
SHA512

e631b6d4095adc0a9d9acab9e69106a63d689013eabe529d32291903906fd59e576c00821bbd90549390aeadc85acbbede77bf99fa5e9e93df7137f15f8ae116
SSDEEP

1536:QSMV+hwbFYwm6HWOBUwOTLzeGsrOxUdpP9+9GMZo6TfZi2GmVTsiz1h1rj/PW/w8:gVrbFYwmBOBUVm3rrpPszowD1VTTGb4a

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2936-0-0x0000000000400000-0x000000000044A000-memory.dmp	upx
behavioral1/memory/2936-11-0x0000000000400000-0x000000000044A000-memory.dmp	upx

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2936 set thread context of 2176	2936	f9c2c57f10002fd09b0b10230bfb3954.exe	29

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2936	f9c2c57f10002fd09b0b10230bfb3954.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2936 wrote to memory of 2176	2936	f9c2c57f10002fd09b0b10230bfb3954.exe	29
PID 2936 wrote to memory of 2176	2936	f9c2c57f10002fd09b0b10230bfb3954.exe	29
PID 2936 wrote to memory of 2176	2936	f9c2c57f10002fd09b0b10230bfb3954.exe	29
PID 2936 wrote to memory of 2176	2936	f9c2c57f10002fd09b0b10230bfb3954.exe	29
PID 2936 wrote to memory of 2176	2936	f9c2c57f10002fd09b0b10230bfb3954.exe	29
PID 2936 wrote to memory of 2176	2936	f9c2c57f10002fd09b0b10230bfb3954.exe	29
PID 2936 wrote to memory of 2176	2936	f9c2c57f10002fd09b0b10230bfb3954.exe	29
PID 2936 wrote to memory of 2176	2936	f9c2c57f10002fd09b0b10230bfb3954.exe	29

C:\Users\Admin\AppData\Local\Temp\f9c2c57f10002fd09b0b10230bfb3954.exe
"C:\Users\Admin\AppData\Local\Temp\f9c2c57f10002fd09b0b10230bfb3954.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2936
- C:\Users\Admin\AppData\Local\Temp\f9c2c57f10002fd09b0b10230bfb3954.exe
  C:\Users\Admin\AppData\Local\Temp\f9c2c57f10002fd09b0b10230bfb3954.exe
  2⤵
  PID:2176

memory/2176-3-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2176-6-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/2176-7-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2176-8-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2176-9-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/2176-10-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/2936-0-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/2936-4-0x0000000003A30000-0x0000000003A7A000-memory.dmp

Filesize
296KB

Download
memory/2936-11-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download