44740f07cd083cce4885c21c2014650071f96cc624635706724a57cda0c7528b | Triage

Analysis

max time kernel
43s
max time network
47s
platform
windows7_x64
resource
win7-20220414-en
submitted
07-07-2022 19:14

Sharing

Report Analysis Logs

General

Target

44740f07cd083cce4885c21c2014650071f96cc624635706724a57cda0c7528b.exe
Size

492KB
MD5

4cc235735c222e44108d77cc78e6c9a6
SHA1

ac229bd71b6c637183a22c0c5e33b9af1e7095f0
SHA256

44740f07cd083cce4885c21c2014650071f96cc624635706724a57cda0c7528b
SHA512

defe9d930b8e5a0e8b9968b62c1c9baee9502be0ea46f0236e0c975cd5a37a61f11b6df58377029629bb64de686a780304ac2b67f2443bcdd4aa5cf65f52f8f3

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral1/memory/1824-56-0x0000000000400000-0x000000000050C000-memory.dmp	upx

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1700 1824 WerFault.exe 44740f07cd083cce4885c21c2014650071f96cc624635706724a57cda0c7528b.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

44740f07cd083cce4885c21c2014650071f96cc624635706724a57cda0c7528b.exe

description	pid	process	target process
PID 1824 wrote to memory of 1700	1824	44740f07cd083cce4885c21c2014650071f96cc624635706724a57cda0c7528b.exe	WerFault.exe
PID 1824 wrote to memory of 1700	1824	44740f07cd083cce4885c21c2014650071f96cc624635706724a57cda0c7528b.exe	WerFault.exe
PID 1824 wrote to memory of 1700	1824	44740f07cd083cce4885c21c2014650071f96cc624635706724a57cda0c7528b.exe	WerFault.exe
PID 1824 wrote to memory of 1700	1824	44740f07cd083cce4885c21c2014650071f96cc624635706724a57cda0c7528b.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\44740f07cd083cce4885c21c2014650071f96cc624635706724a57cda0c7528b.exe
"C:\Users\Admin\AppData\Local\Temp\44740f07cd083cce4885c21c2014650071f96cc624635706724a57cda0c7528b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 228
2⤵
- Program crash
PID:1700

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1700-55-0x0000000000000000-mapping.dmp

Download
memory/1824-54-0x0000000075381000-0x0000000075383000-memory.dmp

Filesize
8KB

Download
memory/1824-56-0x0000000000400000-0x000000000050C000-memory.dmp

Filesize
1.0MB

Download