7154fc4261815592a5a0e77193a49f4a339e62f4b6175a29f0777863ade4abdb

Analysis

max time kernel
140s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26-12-2023 08:18

Target

5f2a83e3803f8a55a1ab90b4c9086a44.exe
Size

95KB
MD5

5f2a83e3803f8a55a1ab90b4c9086a44
SHA1

db96fcc632920df02aa596737f5a52d4419d8852
SHA256

7154fc4261815592a5a0e77193a49f4a339e62f4b6175a29f0777863ade4abdb
SHA512

c71d8cd9f668456672b05b638d473376fde56f35330ac39e3ac36872188a7275d458adc43a74711c0b238932bf01990cfc702a0b77ec9c13c794657de90ee911
SSDEEP

1536:yLOYlHHISrrby8IDgdyXNPNhveJlMVOtqeZiOvXiWRmt6ul8kF7+vuOrCBE:yqEIm+8wtXNPNFeLOOfIOvXZEt6uCM7m

Score

7^/10

upx

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1156-2-0x0000000001000000-0x0000000001036000-memory.dmp	upx
behavioral1/memory/1156-0-0x0000000001000000-0x0000000001036000-memory.dmp	upx
behavioral1/memory/1156-3-0x0000000001000000-0x0000000001036000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process
2532	1156	WerFault.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1156 wrote to memory of 2532	1156	5f2a83e3803f8a55a1ab90b4c9086a44.exe	14
PID 1156 wrote to memory of 2532	1156	5f2a83e3803f8a55a1ab90b4c9086a44.exe	14
PID 1156 wrote to memory of 2532	1156	5f2a83e3803f8a55a1ab90b4c9086a44.exe	14
PID 1156 wrote to memory of 2532	1156	5f2a83e3803f8a55a1ab90b4c9086a44.exe	14
PID 1156 wrote to memory of 2532	1156	5f2a83e3803f8a55a1ab90b4c9086a44.exe	14
PID 1156 wrote to memory of 2532	1156	5f2a83e3803f8a55a1ab90b4c9086a44.exe	14
PID 1156 wrote to memory of 2532	1156	5f2a83e3803f8a55a1ab90b4c9086a44.exe	14

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1156 -s 268
1⤵
- Program crash
PID:2532

C:\Users\Admin\AppData\Local\Temp\5f2a83e3803f8a55a1ab90b4c9086a44.exe
"C:\Users\Admin\AppData\Local\Temp\5f2a83e3803f8a55a1ab90b4c9086a44.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1156

memory/1156-2-0x0000000001000000-0x0000000001036000-memory.dmp

Filesize
216KB

Download
memory/1156-1-0x0000000000230000-0x0000000000266000-memory.dmp

Filesize
216KB

Download
memory/1156-0-0x0000000001000000-0x0000000001036000-memory.dmp

Filesize
216KB

Download
memory/1156-3-0x0000000001000000-0x0000000001036000-memory.dmp

Filesize
216KB

Download
memory/1156-4-0x0000000000230000-0x0000000000266000-memory.dmp

Filesize
216KB

Download