9af8421a0ebc8250eeda8ad334e0577962a98904936f590316e006893e3fb286

Analysis

max time kernel
141s
max time network
140s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 09:52

Target

652b056ece1081547caf1d028b21c7e5.exe
Size

50KB
MD5

652b056ece1081547caf1d028b21c7e5
SHA1

2f50b9918903efafc4f89d94b48834b8c6f4cd71
SHA256

9af8421a0ebc8250eeda8ad334e0577962a98904936f590316e006893e3fb286
SHA512

d8b44d967fb9dc25b1fcb0afe911d470f2027f4a8b91e4c6fd52ffd791d2c6143e1491491b4b45ac854b3820580c0094213ac5b0f5be62cb0b4daaec8c189d3e
SSDEEP

1536:ayHY9oP+igC91Xgt+A0f4EFw1g17Ho9Gmnouy89AR:ayHVPx80gT1WHMout9AR

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2416-0-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2416-4-0x0000000000400000-0x000000000041D000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2516	2416	WerFault.exe	14

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2416 wrote to memory of 2516	2416	652b056ece1081547caf1d028b21c7e5.exe	16
PID 2416 wrote to memory of 2516	2416	652b056ece1081547caf1d028b21c7e5.exe	16
PID 2416 wrote to memory of 2516	2416	652b056ece1081547caf1d028b21c7e5.exe	16
PID 2416 wrote to memory of 2516	2416	652b056ece1081547caf1d028b21c7e5.exe	16
PID 2416 wrote to memory of 2516	2416	652b056ece1081547caf1d028b21c7e5.exe	16
PID 2416 wrote to memory of 2516	2416	652b056ece1081547caf1d028b21c7e5.exe	16
PID 2416 wrote to memory of 2516	2416	652b056ece1081547caf1d028b21c7e5.exe	16

C:\Users\Admin\AppData\Local\Temp\652b056ece1081547caf1d028b21c7e5.exe
"C:\Users\Admin\AppData\Local\Temp\652b056ece1081547caf1d028b21c7e5.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2416
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 256
  2⤵
  - Program crash
  PID:2516

memory/2416-0-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2416-2-0x0000000000020000-0x000000000003D000-memory.dmp

Filesize
116KB

Download
memory/2416-3-0x0000000000020000-0x000000000003D000-memory.dmp

Filesize
116KB

Download
memory/2416-1-0x0000000000020000-0x000000000003D000-memory.dmp

Filesize
116KB

Download
memory/2416-4-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2416-5-0x0000000000020000-0x000000000003D000-memory.dmp

Filesize
116KB

Download
memory/2416-7-0x0000000000020000-0x000000000003D000-memory.dmp

Filesize
116KB

Download
memory/2416-8-0x0000000000020000-0x000000000003D000-memory.dmp

Filesize
116KB

Download