2ca7e4ad20788dd0c445c839e4c0227a28c8e46cc76892926b826ca560837faa

Analysis

max time kernel
148s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 21:51

Target

3e5bb67ce8200fc0ba20e5557013c520.exe
Size

62KB
MD5

3e5bb67ce8200fc0ba20e5557013c520
SHA1

1ad0fb321926e238905f6b7375443b75d59aef0c
SHA256

2ca7e4ad20788dd0c445c839e4c0227a28c8e46cc76892926b826ca560837faa
SHA512

0d650e7370554609a1e3a66e30826bb0f9012b5877582f1ddc8dd651be102c3e396096c0f93aa9af6da7dac02d1bef22030788b5127b0b981c43d4162ca71ca8
SSDEEP

1536:MHoSCdeVMCT6ggMw4Y7FgG2xV89mTr39w6XJJzVt/2vg:MHoLde/OgV432UcP39hXJZn/0g

Score

7^/10

upx

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2516-0-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/2516-1-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/2516-3-0x0000000000400000-0x0000000000429000-memory.dmp	upx

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1044	2516	WerFault.exe	89
2548	2516	WerFault.exe	89

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2516 wrote to memory of 1044	2516	3e5bb67ce8200fc0ba20e5557013c520.exe	95
PID 2516 wrote to memory of 1044	2516	3e5bb67ce8200fc0ba20e5557013c520.exe	95
PID 2516 wrote to memory of 1044	2516	3e5bb67ce8200fc0ba20e5557013c520.exe	95

C:\Users\Admin\AppData\Local\Temp\3e5bb67ce8200fc0ba20e5557013c520.exe
"C:\Users\Admin\AppData\Local\Temp\3e5bb67ce8200fc0ba20e5557013c520.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2516
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 380
  2⤵
  - Program crash
  PID:1044
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 380
  2⤵
  - Program crash
  PID:2548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 372 -p 2516 -ip 2516
1⤵
PID:2200

memory/2516-0-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2516-1-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2516-3-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download