2bbc9ca3dd089960d184b1a1872c16772c4ec085802e33cc7bb9e9aef3726cf2

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 05:29

Target

10046c5939e4e72be8c702304178a2cb.exe
Size

23KB
MD5

10046c5939e4e72be8c702304178a2cb
SHA1

a78ee0bc2e33c9503c82dfb0fa6a765413544ead
SHA256

2bbc9ca3dd089960d184b1a1872c16772c4ec085802e33cc7bb9e9aef3726cf2
SHA512

73324c6773bc31428c7484c06b9ec39463724afe10bab2270de6c6cc74da50b057ba8bb1b0890e286c0c48cf556119ee3781e80d84fdb02986e7efabef2aeb0c
SSDEEP

384:oomgjHNYqsuTBK74KSJFkki22vlRLWl2QSj+UFmWB2QjFd:ooVjHNYq1TBK7EF42GL20hFmyZ

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2884-0-0x0000000000400000-0x000000000044D000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process
2952	2884	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2884 wrote to memory of 2952	2884	10046c5939e4e72be8c702304178a2cb.exe	14
PID 2884 wrote to memory of 2952	2884	10046c5939e4e72be8c702304178a2cb.exe	14
PID 2884 wrote to memory of 2952	2884	10046c5939e4e72be8c702304178a2cb.exe	14
PID 2884 wrote to memory of 2952	2884	10046c5939e4e72be8c702304178a2cb.exe	14

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 44
1⤵
- Program crash
PID:2952

C:\Users\Admin\AppData\Local\Temp\10046c5939e4e72be8c702304178a2cb.exe
"C:\Users\Admin\AppData\Local\Temp\10046c5939e4e72be8c702304178a2cb.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2884

memory/2884-0-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download