0026add5b0b00a9d8caeb24842853adbe88b32a477655f2923fd89d3c8cf2233 | Triage

Analysis

max time kernel
140s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 03:16

Sharing

Report Analysis Logs

General

Target

4f8529c6d93572bf372bdf648e85b084.exe
Size

111KB
MD5

4f8529c6d93572bf372bdf648e85b084
SHA1

7aa38501be8ae594379777bfb5e1ad3d6f54b22b
SHA256

0026add5b0b00a9d8caeb24842853adbe88b32a477655f2923fd89d3c8cf2233
SHA512

6d6ab13dad5b0c69cbe2662715a04253f6da7d9bf73b80fc83c41cdcd472aa77fede49e3bdecad8c31bb4648ff60a3dadf98c84246b0ec05564b895a09cbae6f
SSDEEP

3072:91qMJKrUnFYY5z1i0Nmbi5fJBNPhkout:3IrPj0NmWtNyoS

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2872-0-0x0000000000400000-0x0000000000450000-memory.dmp	upx
behavioral1/memory/2872-1-0x0000000000400000-0x0000000000450000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process
2120	2872	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2872 wrote to memory of 2120	2872	4f8529c6d93572bf372bdf648e85b084.exe	14
PID 2872 wrote to memory of 2120	2872	4f8529c6d93572bf372bdf648e85b084.exe	14
PID 2872 wrote to memory of 2120	2872	4f8529c6d93572bf372bdf648e85b084.exe	14
PID 2872 wrote to memory of 2120	2872	4f8529c6d93572bf372bdf648e85b084.exe	14

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 204
1⤵
- Program crash
PID:2120

C:\Users\Admin\AppData\Local\Temp\4f8529c6d93572bf372bdf648e85b084.exe
"C:\Users\Admin\AppData\Local\Temp\4f8529c6d93572bf372bdf648e85b084.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2872

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2872-0-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/2872-1-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download