eeef900ee9c3319f759bd0426b1f88521302edc1ecadd6b716d8708780b46184

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 06:02 UTC

Target

eeef900ee9c3319f759bd0426b1f88521302edc1ecadd6b716d8708780b46184.exe
Size

11KB
MD5

2369f9c7f412eecfb52da9efaa491776
SHA1

1d8e1306b8f77660db549a138c6eca91f3d90473
SHA256

eeef900ee9c3319f759bd0426b1f88521302edc1ecadd6b716d8708780b46184
SHA512

762218f6abf52ca6eb9747efae2ca4ccb0911cdcae32a2f1875da434722f5584bb31c4ea1a9f6cb83d9dff724f1da47b926c08b71a540e03bbfd51bb01165e14
SSDEEP

192:Aq91pWeh9eV6+FqXRsYQfSAwZpRI8rjp7Q5mIBK0+b7vK:AqLvveeRsYQfas4jpE34fS

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/856-55-0x0000000001000000-0x000000000100A000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
272	856	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 856 wrote to memory of 272	856	eeef900ee9c3319f759bd0426b1f88521302edc1ecadd6b716d8708780b46184.exe	28
PID 856 wrote to memory of 272	856	eeef900ee9c3319f759bd0426b1f88521302edc1ecadd6b716d8708780b46184.exe	28
PID 856 wrote to memory of 272	856	eeef900ee9c3319f759bd0426b1f88521302edc1ecadd6b716d8708780b46184.exe	28
PID 856 wrote to memory of 272	856	eeef900ee9c3319f759bd0426b1f88521302edc1ecadd6b716d8708780b46184.exe	28

C:\Users\Admin\AppData\Local\Temp\eeef900ee9c3319f759bd0426b1f88521302edc1ecadd6b716d8708780b46184.exe
"C:\Users\Admin\AppData\Local\Temp\eeef900ee9c3319f759bd0426b1f88521302edc1ecadd6b716d8708780b46184.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:856
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 856 -s 88
  2⤵
  - Program crash
  PID:272

memory/856-55-0x0000000001000000-0x000000000100A000-memory.dmp

Filesize
40KB

Download