5f3cae7bd2ab8815bb8a31d16489f71f4763b90f25fb868e0ecb26447595c186

Analysis

max time kernel
24s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19/09/2022, 06:12

Target

5f3cae7bd2ab8815bb8a31d16489f71f4763b90f25fb868e0ecb26447595c186.exe
Size

4KB
MD5

383c8df5d6100793a3129f497b22893a
SHA1

731805b2434b4e01190609e3b4d85fc712c58f7e
SHA256

5f3cae7bd2ab8815bb8a31d16489f71f4763b90f25fb868e0ecb26447595c186
SHA512

8c826f3278badbaa97b0e5e46b7f34715f2d86a3b430e3cf5739b0644d6cf25a64cf6b22087b03ca003bb12caec9ab9850fe1820e64e108f5dd6a90c1a158c71
SSDEEP

48:qHy+fcjZA8mren96OjUxh/ATr9oPwhcd185nhL8/fD1mkq0sWnrSB8qSeJY8JTa3:U0mr25Q0aZgnWTIlWrSbhd

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/960-55-0x0000000000400000-0x0000000000408000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
948	960	WerFault.exe	16

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 960 wrote to memory of 948	960	5f3cae7bd2ab8815bb8a31d16489f71f4763b90f25fb868e0ecb26447595c186.exe	27
PID 960 wrote to memory of 948	960	5f3cae7bd2ab8815bb8a31d16489f71f4763b90f25fb868e0ecb26447595c186.exe	27
PID 960 wrote to memory of 948	960	5f3cae7bd2ab8815bb8a31d16489f71f4763b90f25fb868e0ecb26447595c186.exe	27
PID 960 wrote to memory of 948	960	5f3cae7bd2ab8815bb8a31d16489f71f4763b90f25fb868e0ecb26447595c186.exe	27

C:\Users\Admin\AppData\Local\Temp\5f3cae7bd2ab8815bb8a31d16489f71f4763b90f25fb868e0ecb26447595c186.exe
"C:\Users\Admin\AppData\Local\Temp\5f3cae7bd2ab8815bb8a31d16489f71f4763b90f25fb868e0ecb26447595c186.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:960
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 960 -s 88
  2⤵
  - Program crash
  PID:948

memory/960-55-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download