c9824baf1396b21231a12a9a5645914827a778895d2c28bfdcc59769ce7e9008

Analysis

max time kernel
38s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
12/09/2022, 10:56

Target

ɽ 2005 PRO ɫЯ/ɽ.exe
Size

240KB
MD5

195932fc329ee09a7f2c6798010ce170
SHA1

c40665fe72699d13ae1ee63585ab47513147f4d1
SHA256

10d414e570f383e049ca9d42caa16937f12155900ed43e696dadfb547e00282d
SHA512

2c80a803b1f6d774b47bc6551b36c217d956d3bcd680a3547c93f165b53af0dd1dcbeca0e61e5688ecedba04215da668f03d5cf19e92350346e745be887179d5
SSDEEP

6144:sN0neTpwfoHdXTFR9GF7tJNYmwU1nWtALxl61XLv:sieTEEdjFRQdt31tMdD

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral15/memory/2020-56-0x0000000010000000-0x000000001000B000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1016	2020	WerFault.exe	25

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2020 wrote to memory of 1016	2020	ɽ.exe	26
PID 2020 wrote to memory of 1016	2020	ɽ.exe	26
PID 2020 wrote to memory of 1016	2020	ɽ.exe	26
PID 2020 wrote to memory of 1016	2020	ɽ.exe	26

C:\Users\Admin\AppData\Local\Temp\ɽ 2005 PRO ɫЯ\ɽ.exe
"C:\Users\Admin\AppData\Local\Temp\ɽ 2005 PRO ɫЯ\ɽ.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2020
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 192
  2⤵
  - Program crash
  PID:1016

memory/2020-54-0x0000000000400000-0x00000000004F9000-memory.dmp

Filesize
996KB

Download
memory/2020-55-0x0000000075451000-0x0000000075453000-memory.dmp

Filesize
8KB

Download
memory/2020-56-0x0000000010000000-0x000000001000B000-memory.dmp

Filesize
44KB

Download
memory/2020-58-0x0000000000400000-0x00000000004F9000-memory.dmp

Filesize
996KB

Download