38bb686279d284d20865d19a61af60ba20d0e435017b9f6a5a594dd5733a98c7

Analysis

max time kernel
142s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 18:15

Target

003258408cfb5010a6be01c6b727dd64.exe
Size

901KB
MD5

003258408cfb5010a6be01c6b727dd64
SHA1

9e07b311e66640530359173f2393c39bcbdf48f5
SHA256

38bb686279d284d20865d19a61af60ba20d0e435017b9f6a5a594dd5733a98c7
SHA512

f99b05243eb44e52028b7e1ed96fcf7e75ed02e451f2bc19f5f9690d5533738ecd0b9b437e59cc962d2495130568f9c77bda317a0423e7a6fa7362e8f58bec12
SSDEEP

24576:04hjIMJwHkx1HravICxgnGXZHCnAePb+cn+QuHKmc:0MjjgkxhraDxZglqM+DHK9

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3988-0-0x0000000000400000-0x0000000000425000-memory.dmp	upx
behavioral2/memory/3988-1-0x0000000000400000-0x0000000000425000-memory.dmp	upx

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3988	003258408cfb5010a6be01c6b727dd64.exe
3988	003258408cfb5010a6be01c6b727dd64.exe

C:\Users\Admin\AppData\Local\Temp\003258408cfb5010a6be01c6b727dd64.exe
"C:\Users\Admin\AppData\Local\Temp\003258408cfb5010a6be01c6b727dd64.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:3988

memory/3988-0-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/3988-1-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download