3d24e4ec0319745117340b45f62e4ebba99e81d0626d884a7d0659cf16fa9c82

Analysis

max time kernel
122s
max time network
130s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06-03-2024 14:29

Target

b7a146bb01ceda2b81ab5ce489910aed.exe
Size

178KB
MD5

b7a146bb01ceda2b81ab5ce489910aed
SHA1

d2b3c33622cdc481fb0a8bb4e3187bf200b2f480
SHA256

3d24e4ec0319745117340b45f62e4ebba99e81d0626d884a7d0659cf16fa9c82
SHA512

79e4f5eb0d818639bf2191f65522bf11b21a4d0f812de16f955c3dead18ee90ddfe3a1924661642045a882b47bcc42a7443831aed4fb50cc2d5d38c61d47f674
SSDEEP

3072:K+PJzyosNWVA/Aa+Abu4pWDonE3morZUa7G7ZEB3m9W2oFEAr7HowBrVGk1m:BBog6I4pWMnEWO+a7CW2oOArkx

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2572-0-0x0000000000400000-0x000000000049D000-memory.dmp	upx
behavioral1/memory/2572-8-0x0000000000400000-0x000000000049D000-memory.dmp	upx

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2572 set thread context of 2476	2572	b7a146bb01ceda2b81ab5ce489910aed.exe	29

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2572	b7a146bb01ceda2b81ab5ce489910aed.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2572 wrote to memory of 2476	2572	b7a146bb01ceda2b81ab5ce489910aed.exe	29
PID 2572 wrote to memory of 2476	2572	b7a146bb01ceda2b81ab5ce489910aed.exe	29
PID 2572 wrote to memory of 2476	2572	b7a146bb01ceda2b81ab5ce489910aed.exe	29
PID 2572 wrote to memory of 2476	2572	b7a146bb01ceda2b81ab5ce489910aed.exe	29
PID 2572 wrote to memory of 2476	2572	b7a146bb01ceda2b81ab5ce489910aed.exe	29
PID 2572 wrote to memory of 2476	2572	b7a146bb01ceda2b81ab5ce489910aed.exe	29
PID 2572 wrote to memory of 2476	2572	b7a146bb01ceda2b81ab5ce489910aed.exe	29
PID 2572 wrote to memory of 2476	2572	b7a146bb01ceda2b81ab5ce489910aed.exe	29

C:\Users\Admin\AppData\Local\Temp\b7a146bb01ceda2b81ab5ce489910aed.exe
"C:\Users\Admin\AppData\Local\Temp\b7a146bb01ceda2b81ab5ce489910aed.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2572
- C:\Users\Admin\AppData\Local\Temp\b7a146bb01ceda2b81ab5ce489910aed.exe
  "C:\Users\Admin\AppData\Local\Temp\b7a146bb01ceda2b81ab5ce489910aed.exe"
  2⤵
  PID:2476

memory/2476-3-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2476-6-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2476-7-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2476-10-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2476-11-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/2572-0-0x0000000000400000-0x000000000049D000-memory.dmp

Filesize
628KB

Download
memory/2572-8-0x0000000000400000-0x000000000049D000-memory.dmp

Filesize
628KB

Download