a4501ea4fb22cf73ac409622091901f884b61ccad6b66d75f92ffe49243faf74

Analysis

max time kernel
141s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
11-01-2024 21:35

Target

54a3debb2be07c54d037538d18ff9111.exe
Size

66KB
MD5

54a3debb2be07c54d037538d18ff9111
SHA1

7ae140295e1bb099546f665bedda4c402a5eb0bb
SHA256

a4501ea4fb22cf73ac409622091901f884b61ccad6b66d75f92ffe49243faf74
SHA512

c3ecb74ca7bbbe3ff4ad30945853300498b91ee998eaee6240b687484456d2970a9c65cfea0252ce3481e51de5c4853a5b24614c21b9597ecff63e7418117a7b
SSDEEP

768:fpbbKqvdMg4qwNGjXp9J8bW0OXTu990ludAC8VWx58WMe8yYS4QLryqR7YhH:9/v2mWVKW94xWr3sS42ryqR7uH

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/776-0-0x0000000000400000-0x000000000043C000-memory.dmp	upx
behavioral2/memory/776-6-0x0000000000400000-0x000000000043C000-memory.dmp	upx

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 776 set thread context of 4052	776	54a3debb2be07c54d037538d18ff9111.exe	90
PID 776 set thread context of 0	776	54a3debb2be07c54d037538d18ff9111.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
776	54a3debb2be07c54d037538d18ff9111.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 776 wrote to memory of 4052	776	54a3debb2be07c54d037538d18ff9111.exe	90
PID 776 wrote to memory of 4052	776	54a3debb2be07c54d037538d18ff9111.exe	90
PID 776 wrote to memory of 4052	776	54a3debb2be07c54d037538d18ff9111.exe	90
PID 776 wrote to memory of 4052	776	54a3debb2be07c54d037538d18ff9111.exe	90
PID 776 wrote to memory of 4052	776	54a3debb2be07c54d037538d18ff9111.exe	90
PID 776 wrote to memory of 4052	776	54a3debb2be07c54d037538d18ff9111.exe	90
PID 776 wrote to memory of 4052	776	54a3debb2be07c54d037538d18ff9111.exe	90
PID 776 wrote to memory of 0	776	54a3debb2be07c54d037538d18ff9111.exe
PID 776 wrote to memory of 0	776	54a3debb2be07c54d037538d18ff9111.exe
PID 776 wrote to memory of 0	776	54a3debb2be07c54d037538d18ff9111.exe
PID 776 wrote to memory of 0	776	54a3debb2be07c54d037538d18ff9111.exe

C:\Users\Admin\AppData\Local\Temp\54a3debb2be07c54d037538d18ff9111.exe
"C:\Users\Admin\AppData\Local\Temp\54a3debb2be07c54d037538d18ff9111.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:776
- C:\Users\Admin\AppData\Local\Temp\54a3debb2be07c54d037538d18ff9111.exe
  "C:\Users\Admin\AppData\Local\Temp\54a3debb2be07c54d037538d18ff9111.exe"
  2⤵
  PID:4052

memory/776-0-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/776-6-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/4052-3-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4052-5-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4052-7-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4052-8-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/4052-9-0x0000000000410000-0x00000000004D9000-memory.dmp

Filesize
804KB

Download