641796ccafe97b62818100bfb0ce29ae8ebdd9c4b2d3673f386109e846c9d604

Analysis

max time kernel
140s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 23:55

Target

20c040fcaa36e785fc79f57e19d2e73f.exe
Size

127KB
MD5

20c040fcaa36e785fc79f57e19d2e73f
SHA1

8a0d827ae5cd56c7a1ee52f66a796929de02f71b
SHA256

641796ccafe97b62818100bfb0ce29ae8ebdd9c4b2d3673f386109e846c9d604
SHA512

e7c43dcae7133070a2e704f41c976278c9249fb45c74a026638749a946952eeed2ac6192958c5c8d66ad54e3c0b4b115df94dc4e466ea90f37a76ac37bf397ab
SSDEEP

1536:nOC0FvV4OguHxjhpA4Bm7uW0vSUsghQevBFkutIbgTuFqKRr0aF5fnleGhd9TfBi:nwV4OgSzBmh04eZFkz3Rr0g0Gj9Tf8

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2088-0-0x0000000000400000-0x000000000046A000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2112	2088	WerFault.exe	23

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2088 wrote to memory of 2112	2088	20c040fcaa36e785fc79f57e19d2e73f.exe	28
PID 2088 wrote to memory of 2112	2088	20c040fcaa36e785fc79f57e19d2e73f.exe	28
PID 2088 wrote to memory of 2112	2088	20c040fcaa36e785fc79f57e19d2e73f.exe	28
PID 2088 wrote to memory of 2112	2088	20c040fcaa36e785fc79f57e19d2e73f.exe	28

C:\Users\Admin\AppData\Local\Temp\20c040fcaa36e785fc79f57e19d2e73f.exe
"C:\Users\Admin\AppData\Local\Temp\20c040fcaa36e785fc79f57e19d2e73f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2088
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 88
  2⤵
  - Program crash
  PID:2112

memory/2088-0-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download