5397ad1e5654ec738732bb51c7dea3afb2b84baa7d2098602c25eb6b32ee36f0 | Triage

Analysis

max time kernel
145s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 06:32

Sharing

Report Analysis Logs

General

Target

1127c8942b74c54cfb4d228bdaeea7e6.exe
Size

327KB
MD5

1127c8942b74c54cfb4d228bdaeea7e6
SHA1

46a6d2cd99ee717e03f985696a0e2486d9705905
SHA256

5397ad1e5654ec738732bb51c7dea3afb2b84baa7d2098602c25eb6b32ee36f0
SHA512

248616f49db065f033602e9789ba466e2521139a5291dd3d3a372a810709659967eaaeb1bd356fc237774a72989db7dd9bf9f9e1ecc2a4e0795d1e4aead017d0
SSDEEP

6144:IBxvK3SHSI1SHZX4ok6+6JcgLpZy6pAp+0dTmQl:gvK33QSx4N6+2dvymP4V

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4848-0-0x0000000000400000-0x00000000004A8000-memory.dmp	upx
behavioral2/memory/4848-2-0x0000000000400000-0x00000000004A8000-memory.dmp	upx

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4300	4848	WerFault.exe	29
2556	4848	WerFault.exe	29

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4848 wrote to memory of 4300	4848	1127c8942b74c54cfb4d228bdaeea7e6.exe	93
PID 4848 wrote to memory of 4300	4848	1127c8942b74c54cfb4d228bdaeea7e6.exe	93
PID 4848 wrote to memory of 4300	4848	1127c8942b74c54cfb4d228bdaeea7e6.exe	93

C:\Users\Admin\AppData\Local\Temp\1127c8942b74c54cfb4d228bdaeea7e6.exe
"C:\Users\Admin\AppData\Local\Temp\1127c8942b74c54cfb4d228bdaeea7e6.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4848
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4848 -s 520
  2⤵
  - Program crash
  PID:4300
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4848 -s 520
  2⤵
  - Program crash
  PID:2556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 4848 -ip 4848
1⤵
PID:1224

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4848-0-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/4848-2-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download