25eaee138ea5daa22159b2536e4bd2c313351e424113ee8b045e0f1042398913

Analysis

max time kernel
149s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 11:47

Target

177e618f1da0ae24c283229d8a145e3f.exe
Size

204KB
MD5

177e618f1da0ae24c283229d8a145e3f
SHA1

86e14ac9cb5b5a071893b6a6f69754968cbae7d0
SHA256

25eaee138ea5daa22159b2536e4bd2c313351e424113ee8b045e0f1042398913
SHA512

5949341a77aea50a8d39a9724deae64ee5be7f576fb08ca9ed58c2572bffcb254681cd953cbc853dced30f3361e93fd204efcdfec03f0c946613d55cdd069b5d
SSDEEP

6144:OS/ryv8VsRKPe/AaOEStScBxxe1mBDzr3E:t/rC8VSQHBO1u/r3E

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/804-0-0x0000000000400000-0x0000000000447C00-memory.dmp	upx
behavioral2/memory/804-6-0x0000000000400000-0x0000000000447C00-memory.dmp	upx

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 804 set thread context of 1872	804	177e618f1da0ae24c283229d8a145e3f.exe	20

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeSecurityPrivilege	1872	177e618f1da0ae24c283229d8a145e3f.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
804	177e618f1da0ae24c283229d8a145e3f.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 804 wrote to memory of 1872	804	177e618f1da0ae24c283229d8a145e3f.exe	20
PID 804 wrote to memory of 1872	804	177e618f1da0ae24c283229d8a145e3f.exe	20
PID 804 wrote to memory of 1872	804	177e618f1da0ae24c283229d8a145e3f.exe	20
PID 804 wrote to memory of 1872	804	177e618f1da0ae24c283229d8a145e3f.exe	20
PID 804 wrote to memory of 1872	804	177e618f1da0ae24c283229d8a145e3f.exe	20
PID 804 wrote to memory of 1872	804	177e618f1da0ae24c283229d8a145e3f.exe	20
PID 804 wrote to memory of 1872	804	177e618f1da0ae24c283229d8a145e3f.exe	20
PID 804 wrote to memory of 1872	804	177e618f1da0ae24c283229d8a145e3f.exe	20

C:\Users\Admin\AppData\Local\Temp\177e618f1da0ae24c283229d8a145e3f.exe
"C:\Users\Admin\AppData\Local\Temp\177e618f1da0ae24c283229d8a145e3f.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:804
- C:\Users\Admin\AppData\Local\Temp\177e618f1da0ae24c283229d8a145e3f.exe
  "C:\Users\Admin\AppData\Local\Temp\177e618f1da0ae24c283229d8a145e3f.exe"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1872

memory/804-0-0x0000000000400000-0x0000000000447C00-memory.dmp

Filesize
287KB

Download
memory/804-6-0x0000000000400000-0x0000000000447C00-memory.dmp

Filesize
287KB

Download
memory/1872-7-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1872-8-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1872-3-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1872-10-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download