Analysis

  • max time kernel
    141s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    22-12-2023 14:40

General

  • Target

    c85dff9876de50a3f2f370894674225e.exe

  • Size

    99KB

  • MD5

    c85dff9876de50a3f2f370894674225e

  • SHA1

    fdcf515133086c021c6c6b352a59726796cc0da4

  • SHA256

    59cf2b4d0c802188bb86b63ee8bf6032575e0a61a1e4ac93e39f377f073123f4

  • SHA512

    b54413b69b84a5cd81a515723ec4decbe6eaea444ed11225dc02ac33f3dfc441f2ef73fcb57da783ca149eec70fdc95868b4e9b57cfcf8a50be5efae1d50a1dd

  • SSDEEP

    1536:eB88XdvpLwCyl5UQ8ZwkeYmYTRZfA5kw/3UBbtoERrKKlr5:BOXwIvwkVRT45kw/3yO0rpll

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c85dff9876de50a3f2f370894674225e.exe
    "C:\Users\Admin\AppData\Local\Temp\c85dff9876de50a3f2f370894674225e.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3020
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 88
      2⤵
      • Program crash
      PID:1360

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3020-0-0x0000000000400000-0x0000000000454000-memory.dmp

    Filesize

    336KB

  • memory/3020-1-0x0000000000400000-0x0000000000454000-memory.dmp

    Filesize

    336KB