Analysis

  • max time kernel
    42s
  • max time network
    48s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    05/12/2022, 22:04

General

  • Target

    193c912f6dd6be09c3030bfc102bfe509181e02ccc59a38d4358712f4affe966.exe

  • Size

    356KB

  • MD5

    73deaa02a442a58e190e810722835f4f

  • SHA1

    feedf067912cd7f7259b5aef7343427e079bf966

  • SHA256

    193c912f6dd6be09c3030bfc102bfe509181e02ccc59a38d4358712f4affe966

  • SHA512

    9be75cf27adcd5c7b7e8f90c67d1c26fa491d31ab5b7116cfbf3f8e291266a08c628b5e46d111774ea1204342055787d5582b6f70a47cce62ebb8e0a45de8291

  • SSDEEP

    6144:ETnjnvrM3mjHGh5Doh9Z5cAea4Jv81E6eiqgq8WfV5vP1:EHn438Hwerea2vEEriXq8WfV

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\193c912f6dd6be09c3030bfc102bfe509181e02ccc59a38d4358712f4affe966.exe
    "C:\Users\Admin\AppData\Local\Temp\193c912f6dd6be09c3030bfc102bfe509181e02ccc59a38d4358712f4affe966.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1752
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 204
      2⤵
      • Program crash
      PID:1576

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1752-54-0x0000000075111000-0x0000000075113000-memory.dmp

          Filesize

          8KB

        • memory/1752-56-0x0000000000400000-0x00000000004B4000-memory.dmp

          Filesize

          720KB