18be2ced165520de120b32c72463062964d61a3c40ea4724e26eb9dc839dfd93

Analysis

max time kernel
153s
max time network
187s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
28-12-2023 21:53

Target

faca373fb849478a253f058efd84b1fe.exe
Size

656KB
MD5

faca373fb849478a253f058efd84b1fe
SHA1

79129807bea6d8b7b4d93c6df4a76495178e40a9
SHA256

18be2ced165520de120b32c72463062964d61a3c40ea4724e26eb9dc839dfd93
SHA512

838b17ba83028168280f60638bbe261d2853702ff5b20d38647b21ab6a9784d8e5a1dcd57a425c008eaa4e79294a9c17ab086529016e8c0ed6cd7c1a0ff0f82b
SSDEEP

12288:Mko7YNQ5s4WioPJicryGBWECTqCpWG1lHAJfKEtDWXNpby4d8IEXu58:MdwQH6icoECFpWylHAy8IYQ8

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1060-4-0x0000000000400000-0x0000000000457000-memory.dmp	upx

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3412 set thread context of 1060	3412	faca373fb849478a253f058efd84b1fe.exe	90

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3412	faca373fb849478a253f058efd84b1fe.exe
3412	faca373fb849478a253f058efd84b1fe.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 3412 wrote to memory of 1060	3412	faca373fb849478a253f058efd84b1fe.exe	90
PID 3412 wrote to memory of 1060	3412	faca373fb849478a253f058efd84b1fe.exe	90
PID 3412 wrote to memory of 1060	3412	faca373fb849478a253f058efd84b1fe.exe	90
PID 3412 wrote to memory of 1060	3412	faca373fb849478a253f058efd84b1fe.exe	90
PID 3412 wrote to memory of 1060	3412	faca373fb849478a253f058efd84b1fe.exe	90
PID 3412 wrote to memory of 1060	3412	faca373fb849478a253f058efd84b1fe.exe	90
PID 3412 wrote to memory of 1060	3412	faca373fb849478a253f058efd84b1fe.exe	90
PID 3412 wrote to memory of 1060	3412	faca373fb849478a253f058efd84b1fe.exe	90

C:\Users\Admin\AppData\Local\Temp\faca373fb849478a253f058efd84b1fe.exe
"C:\Users\Admin\AppData\Local\Temp\faca373fb849478a253f058efd84b1fe.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3412
- C:\Users\Admin\AppData\Local\Temp\faca373fb849478a253f058efd84b1fe.exe
  C:\Users\Admin\AppData\Local\Temp\faca373fb849478a253f058efd84b1fe.exe
  2⤵
  PID:1060

memory/1060-4-0x0000000000400000-0x0000000000457000-memory.dmp

Filesize
348KB

Download
memory/3412-0-0x0000000000400000-0x00000000007BF000-memory.dmp

Filesize
3.7MB

Download
memory/3412-7-0x0000000000400000-0x00000000007BF000-memory.dmp

Filesize
3.7MB

Download