c1b43a6078945d3d84aebe885c4f4d64d77e097bfbfb260cc668e490d67d4eed

Analysis

max time kernel
144s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
28-12-2023 22:57

Target

fe584fac176ded9565e21f0931fe894a.exe
Size

1.7MB
MD5

fe584fac176ded9565e21f0931fe894a
SHA1

18d046480b0ce1dfa967414c7a229a2598e044be
SHA256

c1b43a6078945d3d84aebe885c4f4d64d77e097bfbfb260cc668e490d67d4eed
SHA512

baa16e92633ccfae534a6769119bf9f74379ecd298d94101955a2b8757ba57a2b21083f93e9a062fdb43db489ef0640c02b1d0eb8d1801eea13cfa4f5773822e
SSDEEP

24576:LWS0q3GwefsjkZv8aVoN7iHcwL1kdi71KeYXIkcc4X1z9vAacnbVh:LWS0q3Goqv36NjbiLwpWt94p

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3784-1-0x0000000000400000-0x0000000001BDD000-memory.dmp	upx

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4524	3784	WerFault.exe	12
1540	3784	WerFault.exe	12

Suspicious behavior: EnumeratesProcesses 4 IoCs

C:\Users\Admin\AppData\Local\Temp\fe584fac176ded9565e21f0931fe894a.exe
"C:\Users\Admin\AppData\Local\Temp\fe584fac176ded9565e21f0931fe894a.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:3784
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 528
  2⤵
  - Program crash
  PID:4524
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 528
  2⤵
  - Program crash
  PID:1540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3784 -ip 3784
1⤵
PID:4536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 3784 -ip 3784
1⤵
PID:2264

memory/3784-0-0x0000000003A70000-0x0000000003C1C000-memory.dmp

Filesize
1.7MB

Download
memory/3784-1-0x0000000000400000-0x0000000001BDD000-memory.dmp

Filesize
23.9MB

Download