20d1d4ba6016943e04e633625f94bbf5c1556e80c8767095bc87a6b16639f31b

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28/01/2024, 21:53

Target

7e19a44cce1742f34039e22ad9e0083c.exe
Size

71KB
MD5

7e19a44cce1742f34039e22ad9e0083c
SHA1

509a868791a416b977de55e9615b86ff0584c793
SHA256

20d1d4ba6016943e04e633625f94bbf5c1556e80c8767095bc87a6b16639f31b
SHA512

20c522909a18973ba3b85e226da63530f357f78c6567bd065151f3540d112282c28ef927ad446b0070c38ce8197c8f685a37ecdc99660a689de28bbb8a3661e3
SSDEEP

1536:o21KV5q7dTdEig+l3gVevmDMdNkXnl77rIs/t:op5qML+l3mvDMDQl7PV/t

Score

7^/10

upx

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2388-2-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/2388-7-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/2388-8-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/2388-9-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/2388-10-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2388	7e19a44cce1742f34039e22ad9e0083c.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 2388	1948	7e19a44cce1742f34039e22ad9e0083c.exe	28
PID 1948 wrote to memory of 2388	1948	7e19a44cce1742f34039e22ad9e0083c.exe	28
PID 1948 wrote to memory of 2388	1948	7e19a44cce1742f34039e22ad9e0083c.exe	28
PID 1948 wrote to memory of 2388	1948	7e19a44cce1742f34039e22ad9e0083c.exe	28

C:\Users\Admin\AppData\Local\Temp\7e19a44cce1742f34039e22ad9e0083c.exe
"C:\Users\Admin\AppData\Local\Temp\7e19a44cce1742f34039e22ad9e0083c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1948
- C:\Users\Admin\AppData\Local\Temp\7e19a44cce1742f34039e22ad9e0083c.exe
  ?
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  PID:2388

memory/1948-0-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/1948-1-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/1948-3-0x0000000001000000-0x000000000100B000-memory.dmp

Filesize
44KB

Download
memory/1948-11-0x0000000001000000-0x000000000100B000-memory.dmp

Filesize
44KB

Download
memory/2388-5-0x0000000001000000-0x000000000100B000-memory.dmp

Filesize
44KB

Download
memory/2388-2-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/2388-7-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/2388-8-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/2388-9-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/2388-10-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download