e771a7a48a5952ca3839f13fade264cd9aea5e83c692bdb4b6c83aef93e1eb1d

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 09:40

Target

6476955fd6646e448d9244d0f14172bb.exe
Size

984KB
MD5

6476955fd6646e448d9244d0f14172bb
SHA1

f72d64569f7e80cde7804d1c740b1206fe203a63
SHA256

e771a7a48a5952ca3839f13fade264cd9aea5e83c692bdb4b6c83aef93e1eb1d
SHA512

7b95b97ec5465a00fc24e98b9e0fd184a89c98ee87c5bfa07ce904ab1e2d1835c95f1a26b886d90ee0699348cd4c95709ef65dd70cf2e6a6a3aed6485f256daa
SSDEEP

384:MjzXM/rM7eW9zORDL38UM6UQmttvpAeSp0SkvSYA3FZ58Ap0oub3:njMd9gL38vkGtepEvSF5bpwb

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1716-0-0x0000000000400000-0x000000000041B000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process
2516	1716	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1716 wrote to memory of 2516	1716	6476955fd6646e448d9244d0f14172bb.exe	14
PID 1716 wrote to memory of 2516	1716	6476955fd6646e448d9244d0f14172bb.exe	14
PID 1716 wrote to memory of 2516	1716	6476955fd6646e448d9244d0f14172bb.exe	14
PID 1716 wrote to memory of 2516	1716	6476955fd6646e448d9244d0f14172bb.exe	14

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 36
1⤵
- Program crash
PID:2516

C:\Users\Admin\AppData\Local\Temp\6476955fd6646e448d9244d0f14172bb.exe
"C:\Users\Admin\AppData\Local\Temp\6476955fd6646e448d9244d0f14172bb.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1716

memory/1716-0-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download