44b4daf27b79abfdcd0ac6b4c83f21f051bac2f0f9d5b094445361b9423a6dfa

Analysis

max time kernel
140s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 02:38

Target

00660b5647addd5a209d682b8ded414c.exe
Size

456KB
MD5

00660b5647addd5a209d682b8ded414c
SHA1

4d16cbee70c25cd699a11e968a3ec229f2706346
SHA256

44b4daf27b79abfdcd0ac6b4c83f21f051bac2f0f9d5b094445361b9423a6dfa
SHA512

51dcd0690164da9e01fec3fcdff24eed9a7000dfaf94f1381782edf8cbc9b7972e543a9e4cf4f68d0659c6b3aaf32f2ace3ddf59d7eed76783a9d8abbaa27664
SSDEEP

6144:5YZTNk3D6LyUXwLLk+cR3qh0GQ43VJRD0eRTGyQlTgALXqo1jmUZxL6xQGQgg:5SNC80I+cR3R03VseIPZNLXqs76P

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1252-0-0x0000000000400000-0x00000000004D4000-memory.dmp	upx
behavioral1/memory/1252-1-0x0000000000400000-0x00000000004D4000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2348	1252	WerFault.exe	1

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1252 wrote to memory of 2348	1252	00660b5647addd5a209d682b8ded414c.exe	18
PID 1252 wrote to memory of 2348	1252	00660b5647addd5a209d682b8ded414c.exe	18
PID 1252 wrote to memory of 2348	1252	00660b5647addd5a209d682b8ded414c.exe	18
PID 1252 wrote to memory of 2348	1252	00660b5647addd5a209d682b8ded414c.exe	18

C:\Users\Admin\AppData\Local\Temp\00660b5647addd5a209d682b8ded414c.exe
"C:\Users\Admin\AppData\Local\Temp\00660b5647addd5a209d682b8ded414c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1252
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 204
  2⤵
  - Program crash
  PID:2348

memory/1252-0-0x0000000000400000-0x00000000004D4000-memory.dmp

Filesize
848KB

Download
memory/1252-1-0x0000000000400000-0x00000000004D4000-memory.dmp

Filesize
848KB

Download