02dea1acab3b2688df53446c8f16e8e885aabaee578bd13453cd6365214f4bf0

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29-12-2023 23:51

Target

0793e14c75d527b4b566ddf3c21c4a83.exe
Size

116KB
MD5

0793e14c75d527b4b566ddf3c21c4a83
SHA1

9e6a098df8dae03403fd14f47b869cf3d7661eb9
SHA256

02dea1acab3b2688df53446c8f16e8e885aabaee578bd13453cd6365214f4bf0
SHA512

7d170ebc68b80d6876c2efe6e23e443386c2427d8a2dd8da5caba145a07a7806bc1e67a64e8af094ffd86393f6df7be6d98b515903227ca7a0f7700c1c446ccf
SSDEEP

3072:pIa5AZqZTlPqhrEKUpTSCRVYFyQlYZPx/qaCjZAYp:pL52yPqdClyFdWldqRAYp

Score

7^/10

upx

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2880-0-0x0000000000400000-0x0000000000443000-memory.dmp	upx
behavioral1/memory/2880-3-0x0000000000250000-0x0000000000293000-memory.dmp	upx
behavioral1/memory/2880-8-0x0000000000400000-0x0000000000443000-memory.dmp	upx

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2880 set thread context of 2736	2880	0793e14c75d527b4b566ddf3c21c4a83.exe	30

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2736	0793e14c75d527b4b566ddf3c21c4a83.exe
2736	0793e14c75d527b4b566ddf3c21c4a83.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2880	0793e14c75d527b4b566ddf3c21c4a83.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2880 wrote to memory of 2736	2880	0793e14c75d527b4b566ddf3c21c4a83.exe	30
PID 2880 wrote to memory of 2736	2880	0793e14c75d527b4b566ddf3c21c4a83.exe	30
PID 2880 wrote to memory of 2736	2880	0793e14c75d527b4b566ddf3c21c4a83.exe	30
PID 2880 wrote to memory of 2736	2880	0793e14c75d527b4b566ddf3c21c4a83.exe	30
PID 2880 wrote to memory of 2736	2880	0793e14c75d527b4b566ddf3c21c4a83.exe	30
PID 2880 wrote to memory of 2736	2880	0793e14c75d527b4b566ddf3c21c4a83.exe	30
PID 2880 wrote to memory of 2736	2880	0793e14c75d527b4b566ddf3c21c4a83.exe	30
PID 2880 wrote to memory of 2736	2880	0793e14c75d527b4b566ddf3c21c4a83.exe	30
PID 2736 wrote to memory of 1260	2736	0793e14c75d527b4b566ddf3c21c4a83.exe	9
PID 2736 wrote to memory of 1260	2736	0793e14c75d527b4b566ddf3c21c4a83.exe	9
PID 2736 wrote to memory of 1260	2736	0793e14c75d527b4b566ddf3c21c4a83.exe	9
PID 2736 wrote to memory of 1260	2736	0793e14c75d527b4b566ddf3c21c4a83.exe	9

memory/1260-12-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download
memory/1260-15-0x000000007EFD0000-0x000000007EFD1000-memory.dmp

Filesize
4KB

Download
memory/2736-7-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2736-5-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/2736-4-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2736-9-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2736-10-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/2736-26-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/2736-24-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/2880-0-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/2880-3-0x0000000000250000-0x0000000000293000-memory.dmp

Filesize
268KB

Download
memory/2880-8-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download