ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b

Analysis

max time kernel
164s
max time network
176s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
06-12-2022 19:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
Size

117KB
MD5

c8f2f9957b980b2e79a60c9ec9ebe07c
SHA1

ef4f046e5cd66ce01c904d53bbee77f24b5e7918
SHA256

ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b
SHA512

6d3c1ea2a1db492794fc8b65c4fb629f496985b302d32f810b0246afea3a5ae7509f713425f5faa8aa52d6bfc80d268983bf49c5b6369223ba712ad55b4e1842
SSDEEP

3072:4WFbt9SX9WGfnuMiE53axZbUET9kJNhvu:vFbt92WGPpqTbxqDm

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/5028-132-0x0000000000400000-0x000000000041F000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\hhAJGEjNW	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\VxVaLHi55f	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\m6ad7VcukR	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\xLPsYdko	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\3cWip	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\sbJiRv6c	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\DaLJdC	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\UaVCARd	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\wVlyeeX2s3	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\Odc1B	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\77mtw2uDO7	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\SBAJ4	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\jOnYDl54t1	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\4cPtRn	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\tNLQF	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\c8Sa8TiB	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\vVLeYR6PI	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\EPSJdH	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\FbEISLS6	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\oFioLX	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\H6pud	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\eiCuoU	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\ut8WXwInE	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\iGlUyFkgGt	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\rynoJ2L	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\2LdDlkdsk	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\aSjGWowxY	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\k7rQMb	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\RwGn28hxG	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\Twys6xKKb5	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\WhfH7eCu	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\fUfTYqO6t	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\ciNsG36P	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\i1dVdnxOpO	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\tCb3cDV	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\H81VB	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\fc8b1dw1md	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\DiwuLS	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\BkAAfrGi	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\oV1L85x	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\WiVQ2XosT	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\iIdXgb	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\FQ4ISUNl7x	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\72QpJ	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\O1dXkeVMPn	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\bvLovgJMNh	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\jSm4fTU	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\nSYR4	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\4JUnrPY	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\LR2bjmL	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\fY3bTs	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\u8uL24V	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\LeXIr	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\EeOP8	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\5Gq6K	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\csKiP5iTg	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\3J53Bkc	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\pdeuaIMD	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\Crnsm	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\qChTUnAcf	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\rltPAdlBTt	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\fsROqHY	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\Bs17KmgAjA	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
File opened for modification	C:\Windows\WhUt6Obk2	ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5052	5028	WerFault.exe	81

C:\Users\Admin\AppData\Local\Temp\ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe
"C:\Users\Admin\AppData\Local\Temp\ec1b7cf58bf8d0e6460e73135ab10a4f3a94103c7613baccff5ed985123e912b.exe"
1⤵
- Drops file in Windows directory
PID:5028
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 256
  2⤵
  - Program crash
  PID:5052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 372 -p 5028 -ip 5028
1⤵
PID:1748

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/5028-132-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads