23c384d39aee9d4a3e653adde9e2617fd2628f34f48543b3db1a9e6819b6d9b7

Analysis

max time kernel
141s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26-12-2023 15:58

Target

7ad3c4579b7fd728ebd76c979721a2d5.exe
Size

149KB
MD5

7ad3c4579b7fd728ebd76c979721a2d5
SHA1

60a5c7e87ff7d35cce0dad606f024fcf2d2b85a3
SHA256

23c384d39aee9d4a3e653adde9e2617fd2628f34f48543b3db1a9e6819b6d9b7
SHA512

cc915652755336195e6ea8f997f8827f18f13a2aa58b7723168bd2a1735fa351aa3f5c73e1b3452ffcd1b5e6d1dd5045c05396f02e94bd4525f96de52a89599a
SSDEEP

3072:vwV4OgSzBmh04eZFkz3Rr0gwGj9Tf8PoIFTrmpEDUF:vMzzILGFkzhr0pGj9oPo+TipEgF

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1964-0-0x0000000000400000-0x0000000000475000-memory.dmp	upx
behavioral1/memory/1964-1-0x0000000000400000-0x0000000000475000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2384	1964	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1964 wrote to memory of 2384	1964	7ad3c4579b7fd728ebd76c979721a2d5.exe	28
PID 1964 wrote to memory of 2384	1964	7ad3c4579b7fd728ebd76c979721a2d5.exe	28
PID 1964 wrote to memory of 2384	1964	7ad3c4579b7fd728ebd76c979721a2d5.exe	28
PID 1964 wrote to memory of 2384	1964	7ad3c4579b7fd728ebd76c979721a2d5.exe	28

C:\Users\Admin\AppData\Local\Temp\7ad3c4579b7fd728ebd76c979721a2d5.exe
"C:\Users\Admin\AppData\Local\Temp\7ad3c4579b7fd728ebd76c979721a2d5.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1964
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 88
  2⤵
  - Program crash
  PID:2384

memory/1964-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1964-1-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download