6ddb0b6b5e144b04775ac4ecac6384c61cb903bdec7d854b9f1f99d0000faea7

Analysis

max time kernel
136s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 15:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

79d7d6c2449d71c5f57e3d7274cecc42.exe
Size

76KB
MD5

79d7d6c2449d71c5f57e3d7274cecc42
SHA1

37b651e35c3ffd1641a818ab4a0df7c7054ebe2d
SHA256

6ddb0b6b5e144b04775ac4ecac6384c61cb903bdec7d854b9f1f99d0000faea7
SHA512

da0d159e88b979f2b9b5270a54a9120d284687d31b1086d5eef66a9e71f7281e9bab2da2bf844d226c63cf6430f8cccb2bbb2a6c968e9e421ebc9015a16f3aee
SSDEEP

1536:i0iA2Dg42PQe1l1mwSHkWlxOyFNbvEJ3D6ZWJzzED:32J8QFHLOyHbMJT+Ozg

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3488-0-0x0000000000400000-0x0000000000425000-memory.dmp	upx
behavioral2/memory/3488-109-0x0000000000400000-0x0000000000425000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\JnGCQ	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\icybByB7U	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\O7E1iaf22s	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\jvCdUC	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\8PpDHAfK3i	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\1QlCEMCW	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\JMuXAGjvk	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\Ggic7	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\xWab4	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\v7VdnYqe	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\JGgYi	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\BNL5qes	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\7BP46dfh	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\BhsWaf	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\u8Qfaq	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\vxy1p3	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\kkU1VPSLP	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\xO8HATyLOY	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\144jkRfYe5	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\6foPCe7qNo	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\BliukY4HP	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\CCLOgpM	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\OerVNcIU	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\bw8VjavCUR	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\SHAcB	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\MAGsm	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\Xpf2Mm2KO	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\6OMU44uWOW	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\8EAjHymp	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\HfSCj	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\Y6NxdTNG	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\xNiEn	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\wMhwL	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\QcFIC	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\XeBrLSBhFa	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\CmEm4WQT1	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\EsxjCr	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\djc3GMAv	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\qqvYDwBc1	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\e2BRs7XCOc	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\ekHFhX4c	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\TtMYc336j	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\oF1CKLrj	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\KKYECa7cX	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\eXywNfD	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\tYPYrCGdab	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\jNINWpX8E	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\oSIru3SWY	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\8AM1o	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\dUxpqMMDA	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\iW1xkQGf	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\gNADHr	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\fyPWpUc	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\VYheTgWVhv	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\DX7CfXOvPi	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\31smHNO	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\BKESmNn	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\5hhALccVlp	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\gy8PxTd2	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\78ErIXU	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\K1288ihQ	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\iMBu3o	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\A5RpSGbTV4	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\AE5mB2cG7	79d7d6c2449d71c5f57e3d7274cecc42.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4604	3488	WerFault.exe	69

C:\Users\Admin\AppData\Local\Temp\79d7d6c2449d71c5f57e3d7274cecc42.exe
"C:\Users\Admin\AppData\Local\Temp\79d7d6c2449d71c5f57e3d7274cecc42.exe"
1⤵
- Drops file in Windows directory
PID:3488
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 260
  2⤵
  - Program crash
  PID:4604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3488 -ip 3488
1⤵
PID:3220

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3488-0-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/3488-108-0x0000000000690000-0x0000000000691000-memory.dmp

Filesize
4KB

Download
memory/3488-109-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads