c64fbc719045c05f6a9aeb748bec22345f0cc8bb49d8a1de2b3d03c2062218e1

Analysis

max time kernel
141s
max time network
128s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26-12-2023 16:34

Target

7d10aa9468c19a58869a9a5df5dbb245.exe
Size

15KB
MD5

7d10aa9468c19a58869a9a5df5dbb245
SHA1

2c08b398fb61356cf95b123fe5a32588044437c2
SHA256

c64fbc719045c05f6a9aeb748bec22345f0cc8bb49d8a1de2b3d03c2062218e1
SHA512

2c3cf95b949d60f09f2e7fd933d89a32ca79f201114ac3efeac3c977f840c8653a9785a29ccd2a633f3860e1e04934eba53eb927c939f771da167a3c9f851491
SSDEEP

384:90vIT+gsNQMODSkRJgCsv1xZzC3O24dig6:9fT+5NNISuVsv1xZzzdin

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2448-0-0x0000000000400000-0x000000000040D000-memory.dmp	upx
behavioral1/memory/2448-10-0x0000000000400000-0x000000000040D000-memory.dmp	upx

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\d3d8.dll.rep	7d10aa9468c19a58869a9a5df5dbb245.exe
File opened for modification	C:\Windows\SysWOW64\d3d8.dll.rep	7d10aa9468c19a58869a9a5df5dbb245.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\system\Vch7DF6.tmp	7d10aa9468c19a58869a9a5df5dbb245.exe
File opened for modification	C:\Windows\system\Vch7DF6.tmp	7d10aa9468c19a58869a9a5df5dbb245.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2116	2448	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2448 wrote to memory of 2116	2448	7d10aa9468c19a58869a9a5df5dbb245.exe	28
PID 2448 wrote to memory of 2116	2448	7d10aa9468c19a58869a9a5df5dbb245.exe	28
PID 2448 wrote to memory of 2116	2448	7d10aa9468c19a58869a9a5df5dbb245.exe	28
PID 2448 wrote to memory of 2116	2448	7d10aa9468c19a58869a9a5df5dbb245.exe	28

C:\Users\Admin\AppData\Local\Temp\7d10aa9468c19a58869a9a5df5dbb245.exe
"C:\Users\Admin\AppData\Local\Temp\7d10aa9468c19a58869a9a5df5dbb245.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2448
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 128
  2⤵
  - Program crash
  PID:2116

C:\Users\Admin\AppData\Local\Temp\Vch7DF6.tmp

Filesize
19KB

MD5
863635f3285121bb3bc8c1fc4bbf8eec

SHA1
aac018e200c501b19602c2972f67c5fbc56e2c70

SHA256
e9a8ec237644d255db141875f758918eb597aba7375aa0ecdbdfbab41a78d82d

SHA512
7faf088ba2d71b1ee77f310f1d08ebff07d3b1e402995eddfecfe4c6a2e3c7d47dc856690dc5cd2e1c5674c7220a3f6db56f0ec4e30973b2cbf67b857f23bda0

Download Submit
memory/2448-0-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download
memory/2448-10-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download