0a6a6dd55386f531c9dcba5eb7e511a8d6e9f254cadaa5ee7ea5fc42e4dca802

Analysis

max time kernel
155s
max time network
178s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2022, 12:36

Target

0a6a6dd55386f531c9dcba5eb7e511a8d6e9f254cadaa5ee7ea5fc42e4dca802.exe
Size

292KB
MD5

3e89f9739ead9fc7c77964e3d00b9503
SHA1

da899595390027bcc9718dcd3018cb7431e53936
SHA256

0a6a6dd55386f531c9dcba5eb7e511a8d6e9f254cadaa5ee7ea5fc42e4dca802
SHA512

0f63b837957d04f3e224572f6cf18c11ef06b47258470f93f2f7b6ac7e4e65f195a8f0be9c93db11c0dd77484354d5788d1ad93fb4723c492baab0a08f94bf53
SSDEEP

3072:YyEF37GJmRXk5AxSR7KfA02Q9z3gQuTXsimfUQGuCLU:lEF37GJmR05AxoOfV/KQuwimMQ

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4108-132-0x0000000000400000-0x000000000044A000-memory.dmp	upx

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4844	4108	WerFault.exe	80
4892	4108	WerFault.exe	80

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
4108	0a6a6dd55386f531c9dcba5eb7e511a8d6e9f254cadaa5ee7ea5fc42e4dca802.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4108 wrote to memory of 4844	4108	0a6a6dd55386f531c9dcba5eb7e511a8d6e9f254cadaa5ee7ea5fc42e4dca802.exe	85
PID 4108 wrote to memory of 4844	4108	0a6a6dd55386f531c9dcba5eb7e511a8d6e9f254cadaa5ee7ea5fc42e4dca802.exe	85
PID 4108 wrote to memory of 4844	4108	0a6a6dd55386f531c9dcba5eb7e511a8d6e9f254cadaa5ee7ea5fc42e4dca802.exe	85

C:\Users\Admin\AppData\Local\Temp\0a6a6dd55386f531c9dcba5eb7e511a8d6e9f254cadaa5ee7ea5fc42e4dca802.exe
"C:\Users\Admin\AppData\Local\Temp\0a6a6dd55386f531c9dcba5eb7e511a8d6e9f254cadaa5ee7ea5fc42e4dca802.exe"
1⤵
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:4108
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4108 -s 460
  2⤵
  - Program crash
  PID:4844
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4108 -s 460
  2⤵
  - Program crash
  PID:4892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4108 -ip 4108
1⤵
PID:5108

memory/4108-132-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/4108-133-0x0000000002510000-0x0000000002533000-memory.dmp

Filesize
140KB

Download
memory/4108-134-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/4108-136-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download