a227c96af593108664720742c60c200d370094fb1c2acf8ff5516611917f2c64 | Triage

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
12-12-2022 12:25

Sharing

Report Analysis Logs

General

Target

JHGSD37623.exe
Size

537KB
MD5

43f232536b413ebf169141944069ae77
SHA1

0efc90691d45072ddd595cc4c2258e2f4bea42de
SHA256

a227c96af593108664720742c60c200d370094fb1c2acf8ff5516611917f2c64
SHA512

3adb48ae6dcdfbea2ac3bea9439e1d5d44884a3a5d5f3ac31ff9ad7a437f8a877a4ca8a1eda9213d4bced7e5c1181a0197aa957d422620a83fbbc745b0f470f6
SSDEEP

12288:g4lThwQGIQilGzWTifG1g6eUtEsx1P5W1Zrr004mTbtoMA:RlTOFq7TifGG66sv5W1Zrndbt

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral1/memory/1196-55-0x000000013F090000-0x000000013F1F3000-memory.dmp	upx

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

884 1196 WerFault.exe JHGSD37623.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

JHGSD37623.exe

description	pid	process	target process
PID 1196 wrote to memory of 884	1196	JHGSD37623.exe	WerFault.exe
PID 1196 wrote to memory of 884	1196	JHGSD37623.exe	WerFault.exe
PID 1196 wrote to memory of 884	1196	JHGSD37623.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\JHGSD37623.exe
"C:\Users\Admin\AppData\Local\Temp\JHGSD37623.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1196

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1196 -s 280
2⤵
- Program crash
PID:884

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/884-54-0x0000000000000000-mapping.dmp

Download
memory/1196-55-0x000000013F090000-0x000000013F1F3000-memory.dmp

Filesize
1.4MB

Download