580e46c98e735d845f87e74d80e7d8f7e0db6e572aaa11276b2e1cad4c095a94

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 05:42

Target

10407ecfc3d186af1326c643148c8371.exe
Size

22KB
MD5

10407ecfc3d186af1326c643148c8371
SHA1

47e894dbbae9c39fc1816155422b68b16fc907ee
SHA256

580e46c98e735d845f87e74d80e7d8f7e0db6e572aaa11276b2e1cad4c095a94
SHA512

fceb0637cbaae56e7da1a48d23f7feab33bd12695f8e4fdf25d1c277dd87f353be06e09f702e29787661e7ba66c1bf8bb6eaa9947e27607e90f82e79a7ffb943
SSDEEP

384:UXFqNj8ctFjFrmTekd3FuiFpTaTKEd+JIQdZFaZyLohNXOWZWGEhrg:UVqNj8ctRoeC3FlF6Kw+yUzCyLogRg

Score

7^/10

upx

Executes dropped EXE 2 IoCs

pid	Process
2516	regsvr.exe
1572	regsvr.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1640-0-0x0000000000400000-0x0000000000412000-memory.dmp	upx
behavioral2/memory/2516-9-0x0000000000400000-0x0000000000412000-memory.dmp	upx
behavioral2/files/0x000600000002321e-14.dat	upx
behavioral2/memory/2516-17-0x0000000000400000-0x0000000000412000-memory.dmp	upx
behavioral2/memory/1572-18-0x0000000000400000-0x0000000000412000-memory.dmp	upx
behavioral2/memory/1640-19-0x0000000000400000-0x0000000000412000-memory.dmp	upx

Drops file in System32 directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\regsvr.exe	10407ecfc3d186af1326c643148c8371.exe
File opened for modification	C:\Windows\SysWOW64\regsvr.exe	regsvr.exe
File created	C:\Windows\SysWOW64\regsvr.exe	regsvr.exe
File created	C:\Windows\SysWOW64\regsvr.exe	10407ecfc3d186af1326c643148c8371.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1640 wrote to memory of 2516	1640	10407ecfc3d186af1326c643148c8371.exe	89
PID 1640 wrote to memory of 2516	1640	10407ecfc3d186af1326c643148c8371.exe	89
PID 1640 wrote to memory of 2516	1640	10407ecfc3d186af1326c643148c8371.exe	89
PID 2516 wrote to memory of 1572	2516	regsvr.exe	88
PID 2516 wrote to memory of 1572	2516	regsvr.exe	88
PID 2516 wrote to memory of 1572	2516	regsvr.exe	88

C:\Windows\SysWOW64\regsvr.exe

Filesize
22KB

MD5
10407ecfc3d186af1326c643148c8371

SHA1
47e894dbbae9c39fc1816155422b68b16fc907ee

SHA256
580e46c98e735d845f87e74d80e7d8f7e0db6e572aaa11276b2e1cad4c095a94

SHA512
fceb0637cbaae56e7da1a48d23f7feab33bd12695f8e4fdf25d1c277dd87f353be06e09f702e29787661e7ba66c1bf8bb6eaa9947e27607e90f82e79a7ffb943

Download Submit
C:\bndFile

Filesize
1B

MD5
93b885adfe0da089cdf634904fd59f71

SHA1
5ba93c9db0cff93f52b521d7420e43f6eda2784f

SHA256
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

SHA512
b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

Download Submit
memory/1572-18-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/1640-0-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/1640-19-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/2516-9-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/2516-17-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download