9e5f824e9b86d83dd355941e42ccbce7dcdd7d1289ebf64be56b5a24b48909e4

Analysis

max time kernel
174s
max time network
210s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03-12-2022 16:34

Target

9e5f824e9b86d83dd355941e42ccbce7dcdd7d1289ebf64be56b5a24b48909e4.exe
Size

124KB
MD5

f148360af4e37eb65f6e775f34db46a9
SHA1

7dbb6b4803ffbd640461487a3de28f37dc5946c3
SHA256

9e5f824e9b86d83dd355941e42ccbce7dcdd7d1289ebf64be56b5a24b48909e4
SHA512

ba4c18b0375fcd0c7f6cd0766b14a6c6a0d48bdfe69917d22b135cc72668d26fbb0e477314da6c8d30d104025102c0bed45f987f82eef37c13f466965453595c
SSDEEP

1536:KaMmKEB9SeVOkNV9qpAUY539HpWwmgNkww5lx5lvLvEWgDAgvWSrliTR+03sfcW:U29xzP53PWwnzelxEA8rlK+09

Score

8^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/668-132-0x0000000000400000-0x0000000000460000-memory.dmp	upx
behavioral2/memory/668-133-0x0000000000400000-0x0000000000460000-memory.dmp	upx

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4444	668	WerFault.exe	79
3652	668	WerFault.exe	79

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 668 wrote to memory of 4444	668	9e5f824e9b86d83dd355941e42ccbce7dcdd7d1289ebf64be56b5a24b48909e4.exe	83
PID 668 wrote to memory of 4444	668	9e5f824e9b86d83dd355941e42ccbce7dcdd7d1289ebf64be56b5a24b48909e4.exe	83
PID 668 wrote to memory of 4444	668	9e5f824e9b86d83dd355941e42ccbce7dcdd7d1289ebf64be56b5a24b48909e4.exe	83

C:\Users\Admin\AppData\Local\Temp\9e5f824e9b86d83dd355941e42ccbce7dcdd7d1289ebf64be56b5a24b48909e4.exe
"C:\Users\Admin\AppData\Local\Temp\9e5f824e9b86d83dd355941e42ccbce7dcdd7d1289ebf64be56b5a24b48909e4.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:668
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 668 -s 224
  2⤵
  - Program crash
  PID:4444
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 668 -s 224
  2⤵
  - Program crash
  PID:3652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 668 -ip 668
1⤵
PID:4104

memory/668-132-0x0000000000400000-0x0000000000460000-memory.dmp

Filesize
384KB

Download
memory/668-133-0x0000000000400000-0x0000000000460000-memory.dmp

Filesize
384KB

Download