bfd6031226eb73aaa6bf21d5e5d588c6bf07110dc2c0042588ff51d30da9c8e7

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 00:02

Target

20f2037f5961a314bc2cde2b0a6f1e3d.exe
Size

68KB
MD5

20f2037f5961a314bc2cde2b0a6f1e3d
SHA1

b3aef6b583b9fc4ed853e5eca1e14321a41f79c7
SHA256

bfd6031226eb73aaa6bf21d5e5d588c6bf07110dc2c0042588ff51d30da9c8e7
SHA512

016cdfcb10ba4712423ed0375c7176f90e2ae8af622b46dbde54d13fe14f7fda630d20fb50652aa73c07f74a9c7c2db8f6d07e4d8841c274df98761f23f2dfac
SSDEEP

768:up23WNI7qc8bQi6LBKEswvKDVTHgehcfMK7sI1N7Hj0tv8919NbsvXBrjAyQsknx:uX+M3x/ApL7HjR9blryBkogg+

Score

7^/10

upx

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/872-5-0x0000000000400000-0x000000000044A000-memory.dmp	upx
behavioral2/memory/872-4-0x0000000000400000-0x000000000044A000-memory.dmp	upx
behavioral2/memory/872-3-0x0000000000400000-0x000000000044A000-memory.dmp	upx
behavioral2/memory/872-0-0x0000000000400000-0x000000000044A000-memory.dmp	upx

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 812 set thread context of 872	812	20f2037f5961a314bc2cde2b0a6f1e3d.exe	18

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 812 wrote to memory of 872	812	20f2037f5961a314bc2cde2b0a6f1e3d.exe	18
PID 812 wrote to memory of 872	812	20f2037f5961a314bc2cde2b0a6f1e3d.exe	18
PID 812 wrote to memory of 872	812	20f2037f5961a314bc2cde2b0a6f1e3d.exe	18
PID 812 wrote to memory of 872	812	20f2037f5961a314bc2cde2b0a6f1e3d.exe	18
PID 812 wrote to memory of 872	812	20f2037f5961a314bc2cde2b0a6f1e3d.exe	18

C:\Users\Admin\AppData\Local\Temp\20f2037f5961a314bc2cde2b0a6f1e3d.exe
"C:\Users\Admin\AppData\Local\Temp\20f2037f5961a314bc2cde2b0a6f1e3d.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:812
- C:\Users\Admin\AppData\Local\Temp\20f2037f5961a314bc2cde2b0a6f1e3d.exe
  C:\Users\Admin\AppData\Local\Temp\20f2037f5961a314bc2cde2b0a6f1e3d.exe
  2⤵
  PID:872

memory/812-1-0x0000000013140000-0x0000000013158000-memory.dmp

Filesize
96KB

Download
memory/872-5-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/872-4-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/872-3-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/872-0-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download