5daa7596d9dd3c37fabd8d642c219d4cd7d41e617699653a48bd32b222c7ae3c

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/02/2024, 09:53

Target

8ed8ee311feb1cdf17fa14c590ab4c5e.exe
Size

212KB
MD5

8ed8ee311feb1cdf17fa14c590ab4c5e
SHA1

dc8fa5512d56a9744dd8940e1aa2e538f2d8aa13
SHA256

5daa7596d9dd3c37fabd8d642c219d4cd7d41e617699653a48bd32b222c7ae3c
SHA512

527016826160638c59f0671fe21d9334f21caf57b2affc218e226581128ff49c4417a9204154074a5037628505cd26cc3570150c5dddd2263853c4e5d20a9970
SSDEEP

6144:ZtINBXZpNiB3Iv2r2FpEuiDVjYF6XBxJTL:ZMp83Iv2iFpEXZY0f

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2168-0-0x0000000000400000-0x00000000004BD000-memory.dmp	upx
behavioral1/memory/2168-5-0x0000000000400000-0x00000000004BD000-memory.dmp	upx

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2168 set thread context of 2672	2168	8ed8ee311feb1cdf17fa14c590ab4c5e.exe	28

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2168	8ed8ee311feb1cdf17fa14c590ab4c5e.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2168 wrote to memory of 2672	2168	8ed8ee311feb1cdf17fa14c590ab4c5e.exe	28
PID 2168 wrote to memory of 2672	2168	8ed8ee311feb1cdf17fa14c590ab4c5e.exe	28
PID 2168 wrote to memory of 2672	2168	8ed8ee311feb1cdf17fa14c590ab4c5e.exe	28
PID 2168 wrote to memory of 2672	2168	8ed8ee311feb1cdf17fa14c590ab4c5e.exe	28
PID 2168 wrote to memory of 2672	2168	8ed8ee311feb1cdf17fa14c590ab4c5e.exe	28
PID 2168 wrote to memory of 2672	2168	8ed8ee311feb1cdf17fa14c590ab4c5e.exe	28
PID 2168 wrote to memory of 2672	2168	8ed8ee311feb1cdf17fa14c590ab4c5e.exe	28
PID 2168 wrote to memory of 2672	2168	8ed8ee311feb1cdf17fa14c590ab4c5e.exe	28
PID 2168 wrote to memory of 2672	2168	8ed8ee311feb1cdf17fa14c590ab4c5e.exe	28

C:\Users\Admin\AppData\Local\Temp\8ed8ee311feb1cdf17fa14c590ab4c5e.exe
"C:\Users\Admin\AppData\Local\Temp\8ed8ee311feb1cdf17fa14c590ab4c5e.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2168
- C:\Users\Admin\AppData\Local\Temp\8ed8ee311feb1cdf17fa14c590ab4c5e.exe
  "C:\Users\Admin\AppData\Local\Temp\8ed8ee311feb1cdf17fa14c590ab4c5e.exe"
  2⤵
  PID:2672

memory/2168-0-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download
memory/2168-5-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download
memory/2672-3-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2672-6-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2672-7-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2672-8-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download