e9aeb194df375d91f63123e2e111dd303c1d7b03fc75b5bdfbad8a0d683a3c3b

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
28/12/2023, 21:35

Target

f9c2c57f10002fd09b0b10230bfb3954.exe
Size

94KB
MD5

f9c2c57f10002fd09b0b10230bfb3954
SHA1

38e346542852999d3c3e5ffb1e5720ca3220330b
SHA256

e9aeb194df375d91f63123e2e111dd303c1d7b03fc75b5bdfbad8a0d683a3c3b
SHA512

e631b6d4095adc0a9d9acab9e69106a63d689013eabe529d32291903906fd59e576c00821bbd90549390aeadc85acbbede77bf99fa5e9e93df7137f15f8ae116
SSDEEP

1536:QSMV+hwbFYwm6HWOBUwOTLzeGsrOxUdpP9+9GMZo6TfZi2GmVTsiz1h1rj/PW/w8:gVrbFYwmBOBUVm3rrpPszowD1VTTGb4a

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2092-0-0x0000000000400000-0x000000000044A000-memory.dmp	upx
behavioral2/memory/2092-11-0x0000000000400000-0x000000000044A000-memory.dmp	upx

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2092 set thread context of 452	2092	f9c2c57f10002fd09b0b10230bfb3954.exe	37

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2092	f9c2c57f10002fd09b0b10230bfb3954.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2092 wrote to memory of 452	2092	f9c2c57f10002fd09b0b10230bfb3954.exe	37
PID 2092 wrote to memory of 452	2092	f9c2c57f10002fd09b0b10230bfb3954.exe	37
PID 2092 wrote to memory of 452	2092	f9c2c57f10002fd09b0b10230bfb3954.exe	37
PID 2092 wrote to memory of 452	2092	f9c2c57f10002fd09b0b10230bfb3954.exe	37
PID 2092 wrote to memory of 452	2092	f9c2c57f10002fd09b0b10230bfb3954.exe	37
PID 2092 wrote to memory of 452	2092	f9c2c57f10002fd09b0b10230bfb3954.exe	37
PID 2092 wrote to memory of 452	2092	f9c2c57f10002fd09b0b10230bfb3954.exe	37

C:\Users\Admin\AppData\Local\Temp\f9c2c57f10002fd09b0b10230bfb3954.exe
"C:\Users\Admin\AppData\Local\Temp\f9c2c57f10002fd09b0b10230bfb3954.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2092
- C:\Users\Admin\AppData\Local\Temp\f9c2c57f10002fd09b0b10230bfb3954.exe
  C:\Users\Admin\AppData\Local\Temp\f9c2c57f10002fd09b0b10230bfb3954.exe
  2⤵
  PID:452

memory/452-5-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/452-7-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/452-6-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/452-3-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/452-10-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/452-9-0x0000000000410000-0x00000000004D9000-memory.dmp

Filesize
804KB

Download
memory/452-8-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/2092-0-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/2092-11-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download