af490e70dd036d023814ead3fbf3a7610fc400553b56e0783aadf72a6b04742c

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27-02-2024 17:39

Target

a9c3389859e35fa20cb60a9339410045.exe
Size

175KB
MD5

a9c3389859e35fa20cb60a9339410045
SHA1

721afb881102c018118729d52a5412a7091576bb
SHA256

af490e70dd036d023814ead3fbf3a7610fc400553b56e0783aadf72a6b04742c
SHA512

a267c9b6983b39d9afb61f7ab014163f1df7afed5eaf82f54711b65498bf1c208a88db37d22e204ca56cdc94373b7b11b54dbe0bc3f5cd66d31f812f324f7e6b
SSDEEP

3072:pXK1MsXkiMIUelDdWffOpvoZ2XXBNGYthkpWRUQVcikjEistIDP4nvubyZKica+6:dTinpUHOuZ2XXBNhfkpAU7Fs+QGupc

Score

7^/10

upx

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4448-0-0x0000000000400000-0x0000000000479000-memory.dmp	upx
behavioral2/memory/4448-1-0x0000000000400000-0x0000000000479000-memory.dmp	upx
behavioral2/memory/4448-2-0x0000000000400000-0x0000000000479000-memory.dmp	upx
behavioral2/memory/4448-9-0x0000000000400000-0x0000000000479000-memory.dmp	upx

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4448 set thread context of 2824	4448	a9c3389859e35fa20cb60a9339410045.exe	87

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4448	a9c3389859e35fa20cb60a9339410045.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 4448 wrote to memory of 2824	4448	a9c3389859e35fa20cb60a9339410045.exe	87
PID 4448 wrote to memory of 2824	4448	a9c3389859e35fa20cb60a9339410045.exe	87
PID 4448 wrote to memory of 2824	4448	a9c3389859e35fa20cb60a9339410045.exe	87
PID 4448 wrote to memory of 2824	4448	a9c3389859e35fa20cb60a9339410045.exe	87
PID 4448 wrote to memory of 2824	4448	a9c3389859e35fa20cb60a9339410045.exe	87
PID 4448 wrote to memory of 2824	4448	a9c3389859e35fa20cb60a9339410045.exe	87
PID 4448 wrote to memory of 2824	4448	a9c3389859e35fa20cb60a9339410045.exe	87

C:\Users\Admin\AppData\Local\Temp\a9c3389859e35fa20cb60a9339410045.exe
"C:\Users\Admin\AppData\Local\Temp\a9c3389859e35fa20cb60a9339410045.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4448
- C:\Users\Admin\AppData\Local\Temp\a9c3389859e35fa20cb60a9339410045.exe
  C:\Users\Admin\AppData\Local\Temp\a9c3389859e35fa20cb60a9339410045.exe
  2⤵
  PID:2824

memory/2824-5-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2824-8-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2824-7-0x0000000000400000-0x00000000004083A0-memory.dmp

Filesize
32KB

Download
memory/2824-10-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2824-11-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download
memory/2824-13-0x0000000000400000-0x00000000004083A0-memory.dmp

Filesize
32KB

Download
memory/4448-0-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4448-1-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4448-2-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4448-9-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download