80088b8188129ef9d90b0157055dd96073db94b022e5b7890aba637f3d77c693

Analysis

max time kernel
41s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
07/11/2022, 16:11

Target

80088b8188129ef9d90b0157055dd96073db94b022e5b7890aba637f3d77c693.exe
Size

328KB
MD5

04f6fe9cfa4efee2a82af9749a710a13
SHA1

dae5fadef42512b04c6f00ef3ef6f6b5bab770bf
SHA256

80088b8188129ef9d90b0157055dd96073db94b022e5b7890aba637f3d77c693
SHA512

8b24bdb3f4c62220ea3a6574fd32f28d7df40ad280c173327a0ad71180c3cd7b3d4e06a90428430705029857e0e5de5346f9ec7bb9cbd67227c9e5418632ccd2
SSDEEP

3072:TYnKcM9u+8l6W2egdwDFKl6gpF5OzINHJwaxvdq5bx0LAPe5D8rhfIl:ak9uRlb8eU75O3aNdqNmKuAC

Score

8^/10

upx

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\svflooje.exe	80088b8188129ef9d90b0157055dd96073db94b022e5b7890aba637f3d77c693.exe

Executes dropped EXE 1 IoCs

pid	Process
308	svflooje.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x00140000000054ab-56.dat	upx
behavioral1/files/0x00140000000054ab-58.dat	upx

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\keys.ini	80088b8188129ef9d90b0157055dd96073db94b022e5b7890aba637f3d77c693.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
916	308	WerFault.exe	28

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1520	80088b8188129ef9d90b0157055dd96073db94b022e5b7890aba637f3d77c693.exe
308	svflooje.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 308 wrote to memory of 916	308	svflooje.exe	29
PID 308 wrote to memory of 916	308	svflooje.exe	29
PID 308 wrote to memory of 916	308	svflooje.exe	29
PID 308 wrote to memory of 916	308	svflooje.exe	29

C:\Windows\SysWOW64\drivers\svflooje.exe
C:\Windows\SysWOW64\drivers\svflooje.exe
1⤵
- Executes dropped EXE
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:308
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 308 -s 200
  2⤵
  - Program crash
  PID:916

C:\Windows\SysWOW64\drivers\svflooje.exe

Filesize
328KB

MD5
04f6fe9cfa4efee2a82af9749a710a13

SHA1
dae5fadef42512b04c6f00ef3ef6f6b5bab770bf

SHA256
80088b8188129ef9d90b0157055dd96073db94b022e5b7890aba637f3d77c693

SHA512
8b24bdb3f4c62220ea3a6574fd32f28d7df40ad280c173327a0ad71180c3cd7b3d4e06a90428430705029857e0e5de5346f9ec7bb9cbd67227c9e5418632ccd2

Download Submit
C:\Windows\SysWOW64\drivers\svflooje.exe

Filesize
328KB

MD5
04f6fe9cfa4efee2a82af9749a710a13

SHA1
dae5fadef42512b04c6f00ef3ef6f6b5bab770bf

SHA256
80088b8188129ef9d90b0157055dd96073db94b022e5b7890aba637f3d77c693

SHA512
8b24bdb3f4c62220ea3a6574fd32f28d7df40ad280c173327a0ad71180c3cd7b3d4e06a90428430705029857e0e5de5346f9ec7bb9cbd67227c9e5418632ccd2

Download Submit
memory/308-60-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download
memory/308-62-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download
memory/308-63-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1520-54-0x0000000074D61000-0x0000000074D63000-memory.dmp

Filesize
8KB

Download
memory/1520-55-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download
memory/1520-61-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download
memory/1520-64-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download