4153c8d27f02bac234c425272563273de2f7262cbb2006768398dbbc1d91aab6

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 14:46

Target

76a59c341aae17ef1c43604747c1968a.exe
Size

357KB
MD5

76a59c341aae17ef1c43604747c1968a
SHA1

2d497b1e4c94c8704fe6259009ac12e9e5e960d8
SHA256

4153c8d27f02bac234c425272563273de2f7262cbb2006768398dbbc1d91aab6
SHA512

e836ecbc81f9dbd0489763794ac775a29c74cc5861a9fca6e9b642fff3ae2554071e7746084120505d89187de63b0bdcabd1216cd8d0d9890c68c1384d4156d0
SSDEEP

6144:pj7pqcZKxTvR3TaukI9fD2xOdKCAJ/L4xGFdD6NrioBiX+TXBNy4IjZ:pj7JKVVGukeL2xOdKd3dGAoBW+bBNy4i

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1676-0-0x0000000001000000-0x00000000010F8000-memory.dmp	upx
behavioral2/memory/1676-1-0x0000000001000000-0x00000000010F8000-memory.dmp	upx

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1228	1676	WerFault.exe	14
4852	1676	WerFault.exe	14

Suspicious use of SetWindowsHookEx 5 IoCs

C:\Users\Admin\AppData\Local\Temp\76a59c341aae17ef1c43604747c1968a.exe
"C:\Users\Admin\AppData\Local\Temp\76a59c341aae17ef1c43604747c1968a.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1676
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 2020
  2⤵
  - Program crash
  PID:1228
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 1976
  2⤵
  - Program crash
  PID:4852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 1676 -ip 1676
1⤵
PID:5092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 1676 -ip 1676
1⤵
PID:3820

memory/1676-0-0x0000000001000000-0x00000000010F8000-memory.dmp

Filesize
992KB

Download
memory/1676-1-0x0000000001000000-0x00000000010F8000-memory.dmp

Filesize
992KB

Download