5a8cbcd50731e6d2549ce6ad1d022c76000c23d6b8fc6e45e054bcd63974286f

Analysis

max time kernel
177s
max time network
138s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 21:18

Target

3d24b3a173cc10f5ea08b6779518c64c.exe
Size

108KB
MD5

3d24b3a173cc10f5ea08b6779518c64c
SHA1

b1dbeb91e22e31308febb69af8ce3c6b98c36152
SHA256

5a8cbcd50731e6d2549ce6ad1d022c76000c23d6b8fc6e45e054bcd63974286f
SHA512

5ba0dd3779e1dcb9b87c6c7dd07e62d13e735ba81fc6d742ae6104e47e849c5fd99928f587b744e90344b28676d3e6f087e1dd05028210d2815b7f983e682bc4
SSDEEP

1536:qOC0FvV4OguHxjhpA4Bm7FW0vSUsghQevBFkutIbgTuFqKRr0aF5frlethd9ysB4:qwV4OgSzBm804eZFkz3Rr0gwtj9ys8dt

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/904-0-0x0000000000400000-0x000000000046B000-memory.dmp	upx
behavioral1/memory/904-1-0x0000000000400000-0x000000000046B000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2880	904	WerFault.exe	4

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 904 wrote to memory of 2880	904	3d24b3a173cc10f5ea08b6779518c64c.exe	16
PID 904 wrote to memory of 2880	904	3d24b3a173cc10f5ea08b6779518c64c.exe	16
PID 904 wrote to memory of 2880	904	3d24b3a173cc10f5ea08b6779518c64c.exe	16
PID 904 wrote to memory of 2880	904	3d24b3a173cc10f5ea08b6779518c64c.exe	16

C:\Users\Admin\AppData\Local\Temp\3d24b3a173cc10f5ea08b6779518c64c.exe
"C:\Users\Admin\AppData\Local\Temp\3d24b3a173cc10f5ea08b6779518c64c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:904
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 904 -s 88
  2⤵
  - Program crash
  PID:2880

memory/904-0-0x0000000000400000-0x000000000046B000-memory.dmp

Filesize
428KB

Download
memory/904-1-0x0000000000400000-0x000000000046B000-memory.dmp

Filesize
428KB

Download