05d0841723ed006b2517c546ef6d5b97ee7e13db62fa6be92424c356e03c175e

Analysis

max time kernel
147s
max time network
116s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28/02/2024, 06:41

Target

ab3ff84e49da11ec9c7daef220da58a5.exe
Size

72KB
MD5

ab3ff84e49da11ec9c7daef220da58a5
SHA1

d6a6686ada41e42ec1dca6b1754b3053ecd03578
SHA256

05d0841723ed006b2517c546ef6d5b97ee7e13db62fa6be92424c356e03c175e
SHA512

3f395455e460b5a0239b5e3dc68d5a0e830303551f3147642bfba5cc75bbddc4b1e009e0b85e1f56c41ea09671bfa7c8b36df9bfbc176f385b3047278acd86c5
SSDEEP

1536:u7gSPQgf9iuZlf2/dYTeqyLWWa+Amx9BgTme+mjA4Z1gmF64+Pf4/cUjsG:u0mapEGmQHX4/ZF

Score

7^/10

upx

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2592-2-0x0000000000400000-0x0000000000415000-memory.dmp	upx
behavioral2/memory/2592-4-0x0000000000400000-0x0000000000415000-memory.dmp	upx
behavioral2/memory/2592-5-0x0000000000400000-0x0000000000415000-memory.dmp	upx
behavioral2/memory/2592-6-0x0000000000400000-0x0000000000415000-memory.dmp	upx
behavioral2/memory/2592-8-0x0000000000400000-0x0000000000415000-memory.dmp	upx

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4728 set thread context of 2592	4728	ab3ff84e49da11ec9c7daef220da58a5.exe	88

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4728	ab3ff84e49da11ec9c7daef220da58a5.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 4728 wrote to memory of 2592	4728	ab3ff84e49da11ec9c7daef220da58a5.exe	88
PID 4728 wrote to memory of 2592	4728	ab3ff84e49da11ec9c7daef220da58a5.exe	88
PID 4728 wrote to memory of 2592	4728	ab3ff84e49da11ec9c7daef220da58a5.exe	88
PID 4728 wrote to memory of 2592	4728	ab3ff84e49da11ec9c7daef220da58a5.exe	88
PID 4728 wrote to memory of 2592	4728	ab3ff84e49da11ec9c7daef220da58a5.exe	88
PID 4728 wrote to memory of 2592	4728	ab3ff84e49da11ec9c7daef220da58a5.exe	88
PID 4728 wrote to memory of 2592	4728	ab3ff84e49da11ec9c7daef220da58a5.exe	88
PID 4728 wrote to memory of 2592	4728	ab3ff84e49da11ec9c7daef220da58a5.exe	88

C:\Users\Admin\AppData\Local\Temp\ab3ff84e49da11ec9c7daef220da58a5.exe
"C:\Users\Admin\AppData\Local\Temp\ab3ff84e49da11ec9c7daef220da58a5.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4728
- C:\Users\Admin\AppData\Local\Temp\ab3ff84e49da11ec9c7daef220da58a5.exe
  C:\Users\Admin\AppData\Local\Temp\ab3ff84e49da11ec9c7daef220da58a5.exe
  2⤵
  PID:2592

memory/2592-2-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/2592-4-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/2592-5-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/2592-6-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/2592-7-0x00000000008D0000-0x00000000008D1000-memory.dmp

Filesize
4KB

Download
memory/2592-8-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download