74a3cab101b6871ec12a22066799eb848bbf1549026df8955b3da77f6146a79c

Analysis

max time kernel
1641s
max time network
1707s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
16/11/2023, 03:44

Target

Computer Crasher 1000.exe
Size

1.0MB
MD5

5ef2e16b8023b7bf590081ade129e411
SHA1

1240dd1fa26ccbf2f715427a1c07c220d13b4d90
SHA256

74a3cab101b6871ec12a22066799eb848bbf1549026df8955b3da77f6146a79c
SHA512

4aa34b3006381f6aecfef20872a1d07ede71ec371b095c8d16cdb8af25165e965e1b7fdc76920f2c489bc2c2f3181903a8d68deff45d9b145ab719642a5735d8
SSDEEP

24576:tAi7jCfCd0T9ChJ2Gj9XTdYg7lmNWEM7vqPRTuwZ0MF:tAi7yALP9XZd8Wxz3MF

Score

7^/10

upx

Executes dropped EXE 1 IoCs

pid	Process
2764	Crash.exe

Loads dropped DLL 1 IoCs

pid	Process
2104	cmd.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2036-0-0x0000000000400000-0x0000000000517000-memory.dmp	upx
behavioral1/memory/2036-16-0x0000000000400000-0x0000000000517000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2036 wrote to memory of 2104	2036	Computer Crasher 1000.exe	29
PID 2036 wrote to memory of 2104	2036	Computer Crasher 1000.exe	29
PID 2036 wrote to memory of 2104	2036	Computer Crasher 1000.exe	29
PID 2036 wrote to memory of 2104	2036	Computer Crasher 1000.exe	29
PID 2104 wrote to memory of 2764	2104	cmd.exe	30
PID 2104 wrote to memory of 2764	2104	cmd.exe	30
PID 2104 wrote to memory of 2764	2104	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\Computer Crasher 1000.exe
"C:\Users\Admin\AppData\Local\Temp\Computer Crasher 1000.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2036
- C:\Windows\system32\cmd.exe
  "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\4412.tmp\4413.tmp\4424.bat "C:\Users\Admin\AppData\Local\Temp\Computer Crasher 1000.exe""
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2104
- - C:\Users\Admin\AppData\Local\Temp\Crash.exe
    Crash
    3⤵
    - Executes dropped EXE
    PID:2764

C:\Users\Admin\AppData\Local\Temp\4412.tmp\4413.tmp\4424.bat

Filesize
16B

MD5
0f33b8a9f8123430325c6a3e64de6dcd

SHA1
7c257089624a3f54ca92632de9578f979e7d9069

SHA256
91f6fc9a04d77995f0293d587730effe70f269939d50f7a8d45a3a08728aff59

SHA512
a3de4bc771f1ec2cb6739eb4cc741e3576fa491acab5262127232d8e1d358a8be4cdd89fc59b2eb9d9e955364371e61188e881a67323a048d8a5b9924773e612

Download Submit
C:\Users\Admin\AppData\Local\Temp\Crash.exe

Filesize
17KB

MD5
6fba64fefa4d2f6d2ec59a8a493e297f

SHA1
f77b995bcb47e509c1bcfa5fc52167d0e6ceb281

SHA256
ec943955fa120b98ac62b43df7faacf9540d68aac15c52412d434b2a28b45870

SHA512
ca45bd0d3e77ab4bbe2bdaf1269c656e56a1e75194f144308658bd926acf1c1bb3edbe0f3a8be8df79a27dfa2e6243454a73327b5247b92f8353505706a2ef73

Download Submit
\Users\Admin\AppData\Local\Temp\Crash.exe

Filesize
17KB

MD5
6fba64fefa4d2f6d2ec59a8a493e297f

SHA1
f77b995bcb47e509c1bcfa5fc52167d0e6ceb281

SHA256
ec943955fa120b98ac62b43df7faacf9540d68aac15c52412d434b2a28b45870

SHA512
ca45bd0d3e77ab4bbe2bdaf1269c656e56a1e75194f144308658bd926acf1c1bb3edbe0f3a8be8df79a27dfa2e6243454a73327b5247b92f8353505706a2ef73

Download Submit
memory/2036-0-0x0000000000400000-0x0000000000517000-memory.dmp

Filesize
1.1MB

Download
memory/2036-16-0x0000000000400000-0x0000000000517000-memory.dmp

Filesize
1.1MB

Download