4d2d01585d18201ac2e2068e387a8dc352cdc719b3eb7959af84cfe5a75873d4

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
18/03/2024, 23:56

Target

d4b086b606f0425d117609add94b90d5.exe
Size

169KB
MD5

d4b086b606f0425d117609add94b90d5
SHA1

4c821c4f1b87122983dba0624b8807a620f9ba7b
SHA256

4d2d01585d18201ac2e2068e387a8dc352cdc719b3eb7959af84cfe5a75873d4
SHA512

1e21311218ea7ad41befa2ecc65ab28df9da95fb20eb67318ac87a4cd9f88f660075d8f7707a9f9e8e128a6fb5c7cb9b01acf1db0bcc32971e911cafd598667e
SSDEEP

3072:jo9e5q6BhioutOUGEBXVDx7S3MgHLDVaEnCiQcCNcVAaI7nxXngGwumt0:jo9YRhioSOPExr7SDDRYcVI7nxXneu

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1600-0-0x0000000000400000-0x0000000000441000-memory.dmp	upx
behavioral1/memory/1600-15-0x0000000000400000-0x0000000000441000-memory.dmp	upx

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1600 set thread context of 2192	1600	d4b086b606f0425d117609add94b90d5.exe	28

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1600	d4b086b606f0425d117609add94b90d5.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1600 wrote to memory of 2192	1600	d4b086b606f0425d117609add94b90d5.exe	28
PID 1600 wrote to memory of 2192	1600	d4b086b606f0425d117609add94b90d5.exe	28
PID 1600 wrote to memory of 2192	1600	d4b086b606f0425d117609add94b90d5.exe	28
PID 1600 wrote to memory of 2192	1600	d4b086b606f0425d117609add94b90d5.exe	28
PID 1600 wrote to memory of 2192	1600	d4b086b606f0425d117609add94b90d5.exe	28
PID 1600 wrote to memory of 2192	1600	d4b086b606f0425d117609add94b90d5.exe	28
PID 1600 wrote to memory of 2192	1600	d4b086b606f0425d117609add94b90d5.exe	28
PID 1600 wrote to memory of 2192	1600	d4b086b606f0425d117609add94b90d5.exe	28
PID 1600 wrote to memory of 2192	1600	d4b086b606f0425d117609add94b90d5.exe	28

C:\Users\Admin\AppData\Local\Temp\d4b086b606f0425d117609add94b90d5.exe
"C:\Users\Admin\AppData\Local\Temp\d4b086b606f0425d117609add94b90d5.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1600
- C:\Users\Admin\AppData\Local\Temp\d4b086b606f0425d117609add94b90d5.exe
  C:\Users\Admin\AppData\Local\Temp\d4b086b606f0425d117609add94b90d5.exe
  2⤵
  PID:2192

memory/1600-0-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/1600-5-0x0000000000290000-0x00000000002D1000-memory.dmp

Filesize
260KB

Download
memory/1600-15-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/2192-3-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2192-6-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2192-8-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2192-9-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2192-10-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2192-12-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2192-16-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2192-18-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2192-17-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download