f13a10e9c392c7b9ac7e55f88db88367f500ecf654c29e9075d9f5e413a0fad4

Analysis

max time kernel
141s
max time network
122s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
17-08-2023 02:54

Target

f13a10e9c392c7b9ac7e55f88db88367f500ecf654c29e9075d9f5e413a0fad4.exe
Size

6.1MB
MD5

7c523d603ac765f027e6f6dfd617e527
SHA1

7054baf32d77811a87c12c32a71fcf5b6eda2df9
SHA256

f13a10e9c392c7b9ac7e55f88db88367f500ecf654c29e9075d9f5e413a0fad4
SHA512

5519de9dca20427b2de4a88579dda779ef330d3e0076de256de5a1c4fa65c290ec2ece2eadf80898dac675fccc85af4f7d708f82077bca4f95f671fbd817b143
SSDEEP

98304:fJKhWJqoe/33cbOFTlgqcbGTxbPSeCnzZXsI8n2ovJHwSPUy1SKArTqf2jtWlpve:hKwMo+n/Tlejz42HtyvmGetWlp0dL0

Score

7^/10

upx

Loads dropped DLL 1 IoCs

pid	Process
2672	f13a10e9c392c7b9ac7e55f88db88367f500ecf654c29e9075d9f5e413a0fad4.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2672-54-0x0000000000400000-0x0000000001462000-memory.dmp	upx
behavioral1/memory/2672-60-0x0000000000400000-0x0000000001462000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2620	2672	WerFault.exe	27

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
2672	f13a10e9c392c7b9ac7e55f88db88367f500ecf654c29e9075d9f5e413a0fad4.exe
2672	f13a10e9c392c7b9ac7e55f88db88367f500ecf654c29e9075d9f5e413a0fad4.exe
2672	f13a10e9c392c7b9ac7e55f88db88367f500ecf654c29e9075d9f5e413a0fad4.exe
2672	f13a10e9c392c7b9ac7e55f88db88367f500ecf654c29e9075d9f5e413a0fad4.exe
2672	f13a10e9c392c7b9ac7e55f88db88367f500ecf654c29e9075d9f5e413a0fad4.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2672 wrote to memory of 2620	2672	f13a10e9c392c7b9ac7e55f88db88367f500ecf654c29e9075d9f5e413a0fad4.exe	28
PID 2672 wrote to memory of 2620	2672	f13a10e9c392c7b9ac7e55f88db88367f500ecf654c29e9075d9f5e413a0fad4.exe	28
PID 2672 wrote to memory of 2620	2672	f13a10e9c392c7b9ac7e55f88db88367f500ecf654c29e9075d9f5e413a0fad4.exe	28
PID 2672 wrote to memory of 2620	2672	f13a10e9c392c7b9ac7e55f88db88367f500ecf654c29e9075d9f5e413a0fad4.exe	28

C:\Users\Admin\AppData\Local\Temp\f13a10e9c392c7b9ac7e55f88db88367f500ecf654c29e9075d9f5e413a0fad4.exe
"C:\Users\Admin\AppData\Local\Temp\f13a10e9c392c7b9ac7e55f88db88367f500ecf654c29e9075d9f5e413a0fad4.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2672
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 672
  2⤵
  - Program crash
  PID:2620

\Users\Admin\AppData\Local\Temp\E2EECore.2.7.2.dll

Filesize
8.4MB

MD5
8b6c94bbdbfb213e94a5dcb4fac28ce3

SHA1
b56102ca4f03556f387f8b30e2b404efabe0cb65

SHA256
982a177924762f270b36fe34c7d6847392b48ae53151dc2011078dceef487a53

SHA512
9d6d63b5d8cf7a978d7e91126d7a343c2f7acd00022da9d692f63e50835fdd84a59a93328564f10622f2b1f6adfd7febdd98b8ddb294d0754ed45cc9c165d25a

Download Submit
memory/2672-54-0x0000000000400000-0x0000000001462000-memory.dmp

Filesize
16.4MB

Download
memory/2672-60-0x0000000000400000-0x0000000001462000-memory.dmp

Filesize
16.4MB

Download