b0e98854335490d4dcf5dcf7d76db1749b3bbd4b716e8c26c0eb2718591b44ec

Analysis

max time kernel
140s
max time network
30s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
14/06/2023, 18:35

Target

6b565c06910c831162918a29f2198ed4.exe
Size

3.2MB
MD5

801e6805f1d505f91f951a91634421c6
SHA1

8050cb59a1e77f9975a8c29c7eba1011c78c0327
SHA256

b0e98854335490d4dcf5dcf7d76db1749b3bbd4b716e8c26c0eb2718591b44ec
SHA512

f4b784bccc39a8b8125feb446e95a525de61c2aa80c2bf0ed5624ef7cdd645459895dde3e96a6e9baac26451dd3f55b636a79aba50e53c72f4747b8cc92896d5
SSDEEP

49152:NS6mKehDeOhVlDn55F8Fe2QO/El96Ih6AbAwjypfGv9wUsw31aaog:o6PesOhV5n5cFe2vEnFzjSf3UX1aa

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1084-54-0x0000000000400000-0x0000000001C17000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2012	1084	WerFault.exe	27

Suspicious use of SetWindowsHookEx 5 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1084 wrote to memory of 2012	1084	6b565c06910c831162918a29f2198ed4.exe	28
PID 1084 wrote to memory of 2012	1084	6b565c06910c831162918a29f2198ed4.exe	28
PID 1084 wrote to memory of 2012	1084	6b565c06910c831162918a29f2198ed4.exe	28
PID 1084 wrote to memory of 2012	1084	6b565c06910c831162918a29f2198ed4.exe	28

C:\Users\Admin\AppData\Local\Temp\6b565c06910c831162918a29f2198ed4.exe
"C:\Users\Admin\AppData\Local\Temp\6b565c06910c831162918a29f2198ed4.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1084
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 412
  2⤵
  - Program crash
  PID:2012

memory/1084-54-0x0000000000400000-0x0000000001C17000-memory.dmp

Filesize
24.1MB

Download