14adbbd61a247849b6c57f8ae095bb2c98937e7156e0e76d522e28a24d88a8fc

Analysis

max time kernel
141s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 07:31

Target

1231d7ce085ee7f68b15d64e3475e694.exe
Size

80KB
MD5

1231d7ce085ee7f68b15d64e3475e694
SHA1

83351d46ad91bc1e68e62df9a82adea3129e61f5
SHA256

14adbbd61a247849b6c57f8ae095bb2c98937e7156e0e76d522e28a24d88a8fc
SHA512

426ec3bed0b83e54168ec14b30209b82e56ca1cccfcdb3b583d9e8c27b011dc0d82b7dcad9b3f0f85d7813b1fd75db621565303afb7cc8085804bed733dd91eb
SSDEEP

1536:QzkUjwPuU4giMXHS2rgIceOjk7ijLAyWbAAaBEc79QZQ9iGwlyu+rBZCVeAFgmUL:RPag315AcA4AN9OZF/lGZANiHbv

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2856-0-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral1/memory/2856-1-0x0000000000400000-0x000000000041D000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2376	2856	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2856 wrote to memory of 2376	2856	1231d7ce085ee7f68b15d64e3475e694.exe	28
PID 2856 wrote to memory of 2376	2856	1231d7ce085ee7f68b15d64e3475e694.exe	28
PID 2856 wrote to memory of 2376	2856	1231d7ce085ee7f68b15d64e3475e694.exe	28
PID 2856 wrote to memory of 2376	2856	1231d7ce085ee7f68b15d64e3475e694.exe	28

C:\Users\Admin\AppData\Local\Temp\1231d7ce085ee7f68b15d64e3475e694.exe
"C:\Users\Admin\AppData\Local\Temp\1231d7ce085ee7f68b15d64e3475e694.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2856
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 132
  2⤵
  - Program crash
  PID:2376

memory/2856-0-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2856-1-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download