fa195fb4c642dc9846fada485b373e0a9e9c308e8443e589da13464698f1d815

Analysis

max time kernel
40s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20/10/2022, 03:49

Target

fa195fb4c642dc9846fada485b373e0a9e9c308e8443e589da13464698f1d815.exe
Size

533KB
MD5

802a11182a6d88c95066077825d75820
SHA1

53abcc44c3cf9ec4dbba439746975cbb59fbb395
SHA256

fa195fb4c642dc9846fada485b373e0a9e9c308e8443e589da13464698f1d815
SHA512

e7dc72d13a3c39f6e69cfc4eff7f4b1d191ca87d35a6531c85492079c4e04da66f79d3fa71e6ad64373710884e0898e5b18f87f9456ea8ed460d7c03f81c06bf
SSDEEP

12288:jC0DO8mdQPiOf9VpsKKeOFOlin23csLXtnKpLRjkMNdbEPq9APaG5:+0DG6PiOTpQ7CcsxMRIMNdbEqAPaG5

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/952-56-0x0000000000400000-0x00000000004F5000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1508	952	WerFault.exe	17

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 952 wrote to memory of 1508	952	fa195fb4c642dc9846fada485b373e0a9e9c308e8443e589da13464698f1d815.exe	27
PID 952 wrote to memory of 1508	952	fa195fb4c642dc9846fada485b373e0a9e9c308e8443e589da13464698f1d815.exe	27
PID 952 wrote to memory of 1508	952	fa195fb4c642dc9846fada485b373e0a9e9c308e8443e589da13464698f1d815.exe	27
PID 952 wrote to memory of 1508	952	fa195fb4c642dc9846fada485b373e0a9e9c308e8443e589da13464698f1d815.exe	27

C:\Users\Admin\AppData\Local\Temp\fa195fb4c642dc9846fada485b373e0a9e9c308e8443e589da13464698f1d815.exe
"C:\Users\Admin\AppData\Local\Temp\fa195fb4c642dc9846fada485b373e0a9e9c308e8443e589da13464698f1d815.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:952
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 116
  2⤵
  - Program crash
  PID:1508

memory/952-54-0x0000000076171000-0x0000000076173000-memory.dmp

Filesize
8KB

Download
memory/952-56-0x0000000000400000-0x00000000004F5000-memory.dmp

Filesize
980KB

Download