aa8888118d0fce21427166f9191681d95d1becb2ac89d3762d5ca24c23f9db11

Analysis

max time kernel
147s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
30-12-2023 04:08

Target

0dec2380edf8025c81508c109d99eae3.exe
Size

36KB
MD5

0dec2380edf8025c81508c109d99eae3
SHA1

b9d7e323523c42822c28d9aa167eee456faf37da
SHA256

aa8888118d0fce21427166f9191681d95d1becb2ac89d3762d5ca24c23f9db11
SHA512

73e805ec4eb6638c907ffb704b4e0eec24bf35877675314fa608bf72ae39f849d96394ba219a20988e05c741905ce0867ae2d468cf9755960df2eea3af897947
SSDEEP

768:8mXyhz7Mve4oMrWWFBM6phOE+9GfVmClNL+UQ1NSa:0N7Mve4d3S9kL+UwV

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1400-0-0x0000000000400000-0x0000000000411000-memory.dmp	upx
behavioral2/memory/1400-1-0x0000000000400000-0x0000000000411000-memory.dmp	upx

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\ICSAgent.exe	0dec2380edf8025c81508c109d99eae3.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1400 set thread context of 848	1400	0dec2380edf8025c81508c109d99eae3.exe	17

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1400	0dec2380edf8025c81508c109d99eae3.exe
1400	0dec2380edf8025c81508c109d99eae3.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1400 wrote to memory of 848	1400	0dec2380edf8025c81508c109d99eae3.exe	17
PID 1400 wrote to memory of 848	1400	0dec2380edf8025c81508c109d99eae3.exe	17
PID 1400 wrote to memory of 848	1400	0dec2380edf8025c81508c109d99eae3.exe	17
PID 1400 wrote to memory of 848	1400	0dec2380edf8025c81508c109d99eae3.exe	17
PID 1400 wrote to memory of 848	1400	0dec2380edf8025c81508c109d99eae3.exe	17
PID 848 wrote to memory of 3484	848	0dec2380edf8025c81508c109d99eae3.exe	49
PID 848 wrote to memory of 3484	848	0dec2380edf8025c81508c109d99eae3.exe	49
PID 848 wrote to memory of 3484	848	0dec2380edf8025c81508c109d99eae3.exe	49
PID 848 wrote to memory of 3484	848	0dec2380edf8025c81508c109d99eae3.exe	49
PID 848 wrote to memory of 3484	848	0dec2380edf8025c81508c109d99eae3.exe	49
PID 848 wrote to memory of 3484	848	0dec2380edf8025c81508c109d99eae3.exe	49

memory/848-3-0x0000000010000000-0x0000000010011000-memory.dmp

Filesize
68KB

Download
memory/848-2-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/848-10-0x0000000010000000-0x0000000010011000-memory.dmp

Filesize
68KB

Download
memory/1400-0-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/1400-1-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/3484-4-0x000000007FFF0000-0x000000007FFF1000-memory.dmp

Filesize
4KB

Download
memory/3484-6-0x000000007FFC0000-0x000000007FFC6000-memory.dmp

Filesize
24KB

Download