ccf3992a1acc6a28e79b6f168226afe5e6d692bf928368488b8d961e83427127

Analysis

max time kernel
43s
max time network
48s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 00:51

Target

ccf3992a1acc6a28e79b6f168226afe5e6d692bf928368488b8d961e83427127.exe
Size

254KB
MD5

0ebe40a74f6095a3663a3513021fc3af
SHA1

24986db7bebe253a0074dbc2d82b296f6922e9c9
SHA256

ccf3992a1acc6a28e79b6f168226afe5e6d692bf928368488b8d961e83427127
SHA512

aed17d2cdce604ce35b6ab9e2713cd92986437709d4e63faad6aded471881a5994da22e648cdd1db4ceac377d8fe9157d68799bcf06ebdc156aa6409d5657c40
SSDEEP

6144:NBvtowjFeHn7hK/rmYputWCUS6vQexFtP7eY:XtsHgrmYpeWCUS6oeXtP7v

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1436-55-0x0000000000400000-0x0000000000412000-memory.dmp	upx

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Eventlog.dll	ccf3992a1acc6a28e79b6f168226afe5e6d692bf928368488b8d961e83427127.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1732	1436	WerFault.exe	16

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1436 wrote to memory of 1732	1436	ccf3992a1acc6a28e79b6f168226afe5e6d692bf928368488b8d961e83427127.exe	18
PID 1436 wrote to memory of 1732	1436	ccf3992a1acc6a28e79b6f168226afe5e6d692bf928368488b8d961e83427127.exe	18
PID 1436 wrote to memory of 1732	1436	ccf3992a1acc6a28e79b6f168226afe5e6d692bf928368488b8d961e83427127.exe	18
PID 1436 wrote to memory of 1732	1436	ccf3992a1acc6a28e79b6f168226afe5e6d692bf928368488b8d961e83427127.exe	18

C:\Users\Admin\AppData\Local\Temp\ccf3992a1acc6a28e79b6f168226afe5e6d692bf928368488b8d961e83427127.exe
"C:\Users\Admin\AppData\Local\Temp\ccf3992a1acc6a28e79b6f168226afe5e6d692bf928368488b8d961e83427127.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1436
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 44
  2⤵
  - Program crash
  PID:1732

memory/1436-55-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download