5daa7596d9dd3c37fabd8d642c219d4cd7d41e617699653a48bd32b222c7ae3c

Analysis

max time kernel
141s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04-02-2024 09:53

Target

8ed8ee311feb1cdf17fa14c590ab4c5e.exe
Size

212KB
MD5

8ed8ee311feb1cdf17fa14c590ab4c5e
SHA1

dc8fa5512d56a9744dd8940e1aa2e538f2d8aa13
SHA256

5daa7596d9dd3c37fabd8d642c219d4cd7d41e617699653a48bd32b222c7ae3c
SHA512

527016826160638c59f0671fe21d9334f21caf57b2affc218e226581128ff49c4417a9204154074a5037628505cd26cc3570150c5dddd2263853c4e5d20a9970
SSDEEP

6144:ZtINBXZpNiB3Iv2r2FpEuiDVjYF6XBxJTL:ZMp83Iv2iFpEXZY0f

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/236-0-0x0000000000400000-0x00000000004BD000-memory.dmp	upx
behavioral2/memory/236-5-0x0000000000400000-0x00000000004BD000-memory.dmp	upx

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 236 set thread context of 2764	236	8ed8ee311feb1cdf17fa14c590ab4c5e.exe	88

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
236	8ed8ee311feb1cdf17fa14c590ab4c5e.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 236 wrote to memory of 2764	236	8ed8ee311feb1cdf17fa14c590ab4c5e.exe	88
PID 236 wrote to memory of 2764	236	8ed8ee311feb1cdf17fa14c590ab4c5e.exe	88
PID 236 wrote to memory of 2764	236	8ed8ee311feb1cdf17fa14c590ab4c5e.exe	88
PID 236 wrote to memory of 2764	236	8ed8ee311feb1cdf17fa14c590ab4c5e.exe	88
PID 236 wrote to memory of 2764	236	8ed8ee311feb1cdf17fa14c590ab4c5e.exe	88
PID 236 wrote to memory of 2764	236	8ed8ee311feb1cdf17fa14c590ab4c5e.exe	88
PID 236 wrote to memory of 2764	236	8ed8ee311feb1cdf17fa14c590ab4c5e.exe	88
PID 236 wrote to memory of 2764	236	8ed8ee311feb1cdf17fa14c590ab4c5e.exe	88

C:\Users\Admin\AppData\Local\Temp\8ed8ee311feb1cdf17fa14c590ab4c5e.exe
"C:\Users\Admin\AppData\Local\Temp\8ed8ee311feb1cdf17fa14c590ab4c5e.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:236
- C:\Users\Admin\AppData\Local\Temp\8ed8ee311feb1cdf17fa14c590ab4c5e.exe
  "C:\Users\Admin\AppData\Local\Temp\8ed8ee311feb1cdf17fa14c590ab4c5e.exe"
  2⤵
  PID:2764

memory/236-0-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download
memory/236-5-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download
memory/2764-3-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2764-6-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2764-7-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2764-8-0x0000000000430000-0x00000000004F9000-memory.dmp

Filesize
804KB

Download
memory/2764-9-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download