8b9363131341d21a6053fa9a729a7f051b96d4f719bd633c7efd942edf748178

Analysis

max time kernel
118s
max time network
141s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/01/2024, 03:46

Target

3fd04a59af502a90d606e5fa9a5862b1.exe
Size

68KB
MD5

3fd04a59af502a90d606e5fa9a5862b1
SHA1

aea7aadc37153ae9bb9b9b4b9988821a9ea75e2e
SHA256

8b9363131341d21a6053fa9a729a7f051b96d4f719bd633c7efd942edf748178
SHA512

b3412973aeb914c2cfd98fa9b5908905dc2bdf0abcc2fa5fa5ae6aa0d0a282d71ed69b8d95a10adabb19a0aa1a731912403b687c7f8631d9e4b3cd9c3c576eb3
SSDEEP

1536:yTZIlRt0RJEV6O7xbJeibuR0dNDuuhaZ509uMpS8GODMfu0ezJBL:CZIlRu2b7RBumdp8ZG9uMpS83DGfezJF

Score

7^/10

upx

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2428-4-0x0000000000400000-0x000000000044A000-memory.dmp	upx
behavioral1/memory/2428-7-0x0000000000400000-0x000000000044A000-memory.dmp	upx
behavioral1/memory/2428-9-0x0000000000400000-0x000000000044A000-memory.dmp	upx
behavioral1/memory/2428-8-0x0000000000400000-0x000000000044A000-memory.dmp	upx
behavioral1/memory/2428-10-0x0000000000400000-0x000000000044A000-memory.dmp	upx

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2800 set thread context of 2428	2800	3fd04a59af502a90d606e5fa9a5862b1.exe	28

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2800 wrote to memory of 2428	2800	3fd04a59af502a90d606e5fa9a5862b1.exe	28
PID 2800 wrote to memory of 2428	2800	3fd04a59af502a90d606e5fa9a5862b1.exe	28
PID 2800 wrote to memory of 2428	2800	3fd04a59af502a90d606e5fa9a5862b1.exe	28
PID 2800 wrote to memory of 2428	2800	3fd04a59af502a90d606e5fa9a5862b1.exe	28
PID 2800 wrote to memory of 2428	2800	3fd04a59af502a90d606e5fa9a5862b1.exe	28
PID 2800 wrote to memory of 2428	2800	3fd04a59af502a90d606e5fa9a5862b1.exe	28

C:\Users\Admin\AppData\Local\Temp\3fd04a59af502a90d606e5fa9a5862b1.exe
"C:\Users\Admin\AppData\Local\Temp\3fd04a59af502a90d606e5fa9a5862b1.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2800
- C:\Users\Admin\AppData\Local\Temp\3fd04a59af502a90d606e5fa9a5862b1.exe
  C:\Users\Admin\AppData\Local\Temp\3fd04a59af502a90d606e5fa9a5862b1.exe
  2⤵
  PID:2428

memory/2428-0-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/2428-2-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2428-4-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/2428-7-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/2428-9-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/2428-8-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/2428-10-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/2800-6-0x0000000013140000-0x0000000013158000-memory.dmp

Filesize
96KB

Download