24a5528e5f78dbb8f8cb319811f9141542a52742b63aeee79c1564f2607a983a

Analysis

max time kernel
142s
max time network
144s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 12:52

Target

1ff41b19601722a1c48d6f2f735040cc.exe
Size

637KB
MD5

1ff41b19601722a1c48d6f2f735040cc
SHA1

b5c1305ccabc86d240a7872d63771ba3e8a9d4e0
SHA256

24a5528e5f78dbb8f8cb319811f9141542a52742b63aeee79c1564f2607a983a
SHA512

0dd129151c1d6c7492cf5b982eb68804452a819690f47b96a3dac110e20aaabc235885484336a63e69e67e6876433aef7132fbe5fcf7ab8d67134953a3831c77
SSDEEP

12288:Pm0XNqkiC9mFMxc65zy8LwXj3TZBtk7nQAgXmEB8h/jjSb:PnXNTZ9KOcCVOk7nQsEBC/m

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/3028-0-0x00000000003B0000-0x00000000004BE000-memory.dmp	upx
behavioral1/memory/3028-1-0x00000000003B0000-0x00000000004BE000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2612	3028	WerFault.exe	16

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 2612	3028	1ff41b19601722a1c48d6f2f735040cc.exe	28
PID 3028 wrote to memory of 2612	3028	1ff41b19601722a1c48d6f2f735040cc.exe	28
PID 3028 wrote to memory of 2612	3028	1ff41b19601722a1c48d6f2f735040cc.exe	28
PID 3028 wrote to memory of 2612	3028	1ff41b19601722a1c48d6f2f735040cc.exe	28

C:\Users\Admin\AppData\Local\Temp\1ff41b19601722a1c48d6f2f735040cc.exe
"C:\Users\Admin\AppData\Local\Temp\1ff41b19601722a1c48d6f2f735040cc.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 196
  2⤵
  - Program crash
  PID:2612

memory/3028-0-0x00000000003B0000-0x00000000004BE000-memory.dmp

Filesize
1.1MB

Download
memory/3028-1-0x00000000003B0000-0x00000000004BE000-memory.dmp

Filesize
1.1MB

Download