9441f1ddb6da339269ef9c0c3141e290bf32a027b6f797dc5237eb7b489364ed

Analysis

max time kernel
121s
max time network
151s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 19:46

Target

3909a0bcc36e45cd8c2b7a6e176bbed8.exe
Size

59KB
MD5

3909a0bcc36e45cd8c2b7a6e176bbed8
SHA1

2082bfa1f696bf6ffc5776a6e4e3714e59689c88
SHA256

9441f1ddb6da339269ef9c0c3141e290bf32a027b6f797dc5237eb7b489364ed
SHA512

a3360f5c78fcf494d09c99c18a07e33ac56261b5c7371b9eb2a7c4760e8c388c49fe6034b65ffd04ed023f6352bdb85e5fa913a54e892b50858492b7b311665e
SSDEEP

768:GFoWTi7VKJKT0OWs5TtWERYImI7YSNyPtGJiIf6hYyIGfMrSnshKubehypRl4TM0:CbT0QRs5TQxUGwf6bsr5Sh2Rl4h5z

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2636-0-0x0000000000400000-0x0000000000421000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2568	2636	WerFault.exe	14

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2636	3909a0bcc36e45cd8c2b7a6e176bbed8.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	2636	3909a0bcc36e45cd8c2b7a6e176bbed8.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2636 wrote to memory of 2568	2636	3909a0bcc36e45cd8c2b7a6e176bbed8.exe	29
PID 2636 wrote to memory of 2568	2636	3909a0bcc36e45cd8c2b7a6e176bbed8.exe	29
PID 2636 wrote to memory of 2568	2636	3909a0bcc36e45cd8c2b7a6e176bbed8.exe	29
PID 2636 wrote to memory of 2568	2636	3909a0bcc36e45cd8c2b7a6e176bbed8.exe	29

C:\Users\Admin\AppData\Local\Temp\3909a0bcc36e45cd8c2b7a6e176bbed8.exe
"C:\Users\Admin\AppData\Local\Temp\3909a0bcc36e45cd8c2b7a6e176bbed8.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2636
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 308
  2⤵
  - Program crash
  PID:2568

memory/2636-0-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2636-1-0x0000000000220000-0x0000000000222000-memory.dmp

Filesize
8KB

Download
memory/2636-2-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2636-3-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2636-5-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2636-7-0x0000000077B00000-0x0000000077B01000-memory.dmp

Filesize
4KB

Download
memory/2636-9-0x00000000003C0000-0x00000000003CB000-memory.dmp

Filesize
44KB

Download
memory/2636-10-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2636-11-0x00000000003C0000-0x00000000003CB000-memory.dmp

Filesize
44KB

Download