6aebb1315f0b543b83bff51a2e87049a59015c8bb69eff5a8ed0133d554070a0

Analysis

max time kernel
140s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 16:21

Target

7c4829300063c5a22db09f463e93ab8b.exe
Size

177KB
MD5

7c4829300063c5a22db09f463e93ab8b
SHA1

0710e5561af076b041420f691e970987a7812f2c
SHA256

6aebb1315f0b543b83bff51a2e87049a59015c8bb69eff5a8ed0133d554070a0
SHA512

8255d9921ef146a42bdc1b1ea5ee18557312b4f38f3554b7fe6441f2bd47cf9932b97312e5342548ca6fbf0e5ce531ba5b77d6fd1caea843e8499c88aff1314e
SSDEEP

3072:PchRJgXkQbQJWB1+VK774VHRoJ00s4mVKi5QJszehcDdj5WYEgZpe:PchRJ60074FRoJkKi5Qlhcp8gy

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2628-0-0x0000000000400000-0x0000000000433000-memory.dmp	upx
behavioral1/memory/2628-3-0x0000000000400000-0x0000000000433000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
848	2628	WerFault.exe	1

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2628 wrote to memory of 848	2628	7c4829300063c5a22db09f463e93ab8b.exe	28
PID 2628 wrote to memory of 848	2628	7c4829300063c5a22db09f463e93ab8b.exe	28
PID 2628 wrote to memory of 848	2628	7c4829300063c5a22db09f463e93ab8b.exe	28
PID 2628 wrote to memory of 848	2628	7c4829300063c5a22db09f463e93ab8b.exe	28
PID 2628 wrote to memory of 848	2628	7c4829300063c5a22db09f463e93ab8b.exe	28
PID 2628 wrote to memory of 848	2628	7c4829300063c5a22db09f463e93ab8b.exe	28
PID 2628 wrote to memory of 848	2628	7c4829300063c5a22db09f463e93ab8b.exe	28

C:\Users\Admin\AppData\Local\Temp\7c4829300063c5a22db09f463e93ab8b.exe
"C:\Users\Admin\AppData\Local\Temp\7c4829300063c5a22db09f463e93ab8b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2628
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 264
  2⤵
  - Program crash
  PID:848

memory/2628-1-0x0000000000240000-0x0000000000273000-memory.dmp

Filesize
204KB

Download
memory/2628-0-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2628-2-0x0000000000240000-0x0000000000273000-memory.dmp

Filesize
204KB

Download
memory/2628-3-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download