80fcd2f73da35da1dd9c94bb5eede3cd5314ba238df4db16ab3670570490b765

Analysis

max time kernel
142s
max time network
144s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 23:18

Target

06b683d9d2816b00305ba9bb407a3c73.exe
Size

5.0MB
MD5

06b683d9d2816b00305ba9bb407a3c73
SHA1

4214af8fe56747c681b0f531f4092e78a4837d5c
SHA256

80fcd2f73da35da1dd9c94bb5eede3cd5314ba238df4db16ab3670570490b765
SHA512

cb02e0b454c4b507ce6995f8fab791ddc375b87d72efc3e94ac700a0d82f7b3d9cf04556c373f390b277fe8f47e825c3946865aa61fc9114ba80bc2b29655af2
SSDEEP

49152:HG3WXJpVQbn78XXZJQYOYs3EFWe4kG5rS7vNwd5pfy97sG57EKOVrd:HG3YpC7IZJOYs3//k1wjpfEhY

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2044-0-0x0000000000400000-0x0000000000CE1000-memory.dmp	upx
behavioral1/memory/2044-1-0x0000000000400000-0x0000000000CE1000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2116	2044	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 2116	2044	06b683d9d2816b00305ba9bb407a3c73.exe	29
PID 2044 wrote to memory of 2116	2044	06b683d9d2816b00305ba9bb407a3c73.exe	29
PID 2044 wrote to memory of 2116	2044	06b683d9d2816b00305ba9bb407a3c73.exe	29
PID 2044 wrote to memory of 2116	2044	06b683d9d2816b00305ba9bb407a3c73.exe	29

C:\Users\Admin\AppData\Local\Temp\06b683d9d2816b00305ba9bb407a3c73.exe
"C:\Users\Admin\AppData\Local\Temp\06b683d9d2816b00305ba9bb407a3c73.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2044
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 48
  2⤵
  - Program crash
  PID:2116

memory/2044-0-0x0000000000400000-0x0000000000CE1000-memory.dmp

Filesize
8.9MB

Download
memory/2044-1-0x0000000000400000-0x0000000000CE1000-memory.dmp

Filesize
8.9MB

Download