0ee40740d11768f330cfd96c6b5de855955cea419a3176411228c36291c4d1d4

Analysis

max time kernel
147s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
25/02/2024, 05:19

Target

a2fd48d51533768c6b61462e5f74ff47.exe
Size

368KB
MD5

a2fd48d51533768c6b61462e5f74ff47
SHA1

8cbffeca16a629045154188b8ef331ecc037a91f
SHA256

0ee40740d11768f330cfd96c6b5de855955cea419a3176411228c36291c4d1d4
SHA512

eb6b40d6db3d112cdab1224550e199a82fd1cb2b7c59c93e6e9de084eff9811f7f27328c157fd6608c24dd8efdf19f53c86d21520b1bba1ab800aa17dface29a
SSDEEP

6144:fGL/rU1rBD9bJATiEDRFA0Cnm5oOuAwZiT4H9xE/Snga7LUQpR5KgMgsK4:fGL/rerARe0Cnm5omwZ5E/SngKpRggry

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1904-0-0x0000000000400000-0x000000000051C000-memory.dmp	upx
behavioral2/memory/1904-8-0x0000000000400000-0x000000000051C000-memory.dmp	upx

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1904 set thread context of 1624	1904	a2fd48d51533768c6b61462e5f74ff47.exe	86

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1904	a2fd48d51533768c6b61462e5f74ff47.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1904 wrote to memory of 1624	1904	a2fd48d51533768c6b61462e5f74ff47.exe	86
PID 1904 wrote to memory of 1624	1904	a2fd48d51533768c6b61462e5f74ff47.exe	86
PID 1904 wrote to memory of 1624	1904	a2fd48d51533768c6b61462e5f74ff47.exe	86
PID 1904 wrote to memory of 1624	1904	a2fd48d51533768c6b61462e5f74ff47.exe	86
PID 1904 wrote to memory of 1624	1904	a2fd48d51533768c6b61462e5f74ff47.exe	86
PID 1904 wrote to memory of 1624	1904	a2fd48d51533768c6b61462e5f74ff47.exe	86
PID 1904 wrote to memory of 1624	1904	a2fd48d51533768c6b61462e5f74ff47.exe	86
PID 1624 wrote to memory of 3312	1624	a2fd48d51533768c6b61462e5f74ff47.exe	28
PID 1624 wrote to memory of 3312	1624	a2fd48d51533768c6b61462e5f74ff47.exe	28
PID 1624 wrote to memory of 3312	1624	a2fd48d51533768c6b61462e5f74ff47.exe	28
PID 1624 wrote to memory of 3312	1624	a2fd48d51533768c6b61462e5f74ff47.exe	28

memory/1624-3-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1624-5-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1624-6-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/1624-7-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1624-9-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1624-15-0x00000000004E0000-0x00000000005A9000-memory.dmp

Filesize
804KB

Download
memory/1624-17-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1624-16-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/1904-0-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/1904-8-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/3312-11-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download
memory/3312-12-0x000000007FFD0000-0x000000007FFD1000-memory.dmp

Filesize
4KB

Download