9f72ec0ada70daa1524f72c32683f52f429f7d81794dfb104fe9f5a3d679587d

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13/05/2024, 10:17

Target

9f72ec0ada70daa1524f72c32683f52f429f7d81794dfb104fe9f5a3d679587d.exe
Size

7.0MB
MD5

b07d4d1c0bec5da6b2405ea99732de51
SHA1

95cbfc036df3f5644f4495788b34aee4dc4d9404
SHA256

9f72ec0ada70daa1524f72c32683f52f429f7d81794dfb104fe9f5a3d679587d
SHA512

df63cd190c0909ceb8519468ec466bb986fccfae54222225a68e973ba41b606ed0a043841068dc28ca3851a2d84ee9531f0b8a840b0bc64e00f3189891368a00
SSDEEP

196608:n6WmkvowmxP6PifKNUWOJeB6Mr/fb4uNEW0R:nLd5NxV7NEW

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2960-0-0x0000000000400000-0x0000000001423000-memory.dmp	upx
behavioral1/memory/2960-2-0x0000000000400000-0x0000000001423000-memory.dmp	upx

Suspicious use of NtSetInformationThreadHideFromDebugger 5 IoCs

pid	Process
2960	9f72ec0ada70daa1524f72c32683f52f429f7d81794dfb104fe9f5a3d679587d.exe
2960	9f72ec0ada70daa1524f72c32683f52f429f7d81794dfb104fe9f5a3d679587d.exe
2960	9f72ec0ada70daa1524f72c32683f52f429f7d81794dfb104fe9f5a3d679587d.exe
2960	9f72ec0ada70daa1524f72c32683f52f429f7d81794dfb104fe9f5a3d679587d.exe
2960	9f72ec0ada70daa1524f72c32683f52f429f7d81794dfb104fe9f5a3d679587d.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\Interface	9f72ec0ada70daa1524f72c32683f52f429f7d81794dfb104fe9f5a3d679587d.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\Interface\{4EE08224-4952-4EE4-4798-4CAAF56A84DB}\ = "75AeeIxitCrC3zvJ408uvTG8eOB3Ee0JmR2e1C+CTnH8m3aH64MTdgeJGXiLYqcquN8qydtP37pJtXPgdhHgCY8djdQngv9u/Jt2h+uDE3Z+Sgqp+qWlS/9+CTnGi1Bc"	9f72ec0ada70daa1524f72c32683f52f429f7d81794dfb104fe9f5a3d679587d.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\Interface\{4EE08224-4952-4EE4-4798-4CAAF56A84DB}\ = "75AeeIxitCrC3zvJ408uvTG8eOB3Ee0JmR2e1C+CXnH8m3aH64MTdgeJGXiLYqcquN8qydtP37pJtXPgdhHgCY8djdQngv9u/Jt2h+uDE3YR8ZqTTRPs2T8nLGjxUJF5"	9f72ec0ada70daa1524f72c32683f52f429f7d81794dfb104fe9f5a3d679587d.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node\Interface\{4EE08224-4952-4EE4-4798-4CAAF56A84DB}	9f72ec0ada70daa1524f72c32683f52f429f7d81794dfb104fe9f5a3d679587d.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\Wow6432Node	9f72ec0ada70daa1524f72c32683f52f429f7d81794dfb104fe9f5a3d679587d.exe

memory/2960-0-0x0000000000400000-0x0000000001423000-memory.dmp

Filesize
16.1MB

Download
memory/2960-2-0x0000000000400000-0x0000000001423000-memory.dmp

Filesize
16.1MB

Download