7a73b412dcfc2f2919b5db163248637538c584097e0175ba93605dd5a85047c1

Analysis

max time kernel
12s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 11:40

Target

7a73b412dcfc2f2919b5db163248637538c584097e0175ba93605dd5a85047c1.exe
Size

23KB
MD5

891839f13ff49216722e012c08a3af74
SHA1

ad8e3694c5392a47d37fd2ff5c3c5ffa7ff85d20
SHA256

7a73b412dcfc2f2919b5db163248637538c584097e0175ba93605dd5a85047c1
SHA512

65e06800606a25947a412b187e8fe451940efcb9e844055168beb35c458a1ec70dc77122aa42652c1291c0bd07ec9c814dc5decd70cb71d5c1bb2beb2e36e486
SSDEEP

384:2wznVKyqCvPSryiZuatfFTKRgPPAPv2Ms:2QnwfCyNt+23AP+

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1428-55-0x0000000031420000-0x0000000031431000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1664	1428	WerFault.exe	8

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1428 wrote to memory of 1664	1428	7a73b412dcfc2f2919b5db163248637538c584097e0175ba93605dd5a85047c1.exe	28
PID 1428 wrote to memory of 1664	1428	7a73b412dcfc2f2919b5db163248637538c584097e0175ba93605dd5a85047c1.exe	28
PID 1428 wrote to memory of 1664	1428	7a73b412dcfc2f2919b5db163248637538c584097e0175ba93605dd5a85047c1.exe	28
PID 1428 wrote to memory of 1664	1428	7a73b412dcfc2f2919b5db163248637538c584097e0175ba93605dd5a85047c1.exe	28

C:\Users\Admin\AppData\Local\Temp\7a73b412dcfc2f2919b5db163248637538c584097e0175ba93605dd5a85047c1.exe
"C:\Users\Admin\AppData\Local\Temp\7a73b412dcfc2f2919b5db163248637538c584097e0175ba93605dd5a85047c1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1428
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 100
  2⤵
  - Program crash
  PID:1664

memory/1428-55-0x0000000031420000-0x0000000031431000-memory.dmp

Filesize
68KB

Download