e048b31a6f5f7de2d68a9bb2ee0e32b61638cf47c642879e563fd3ffbc921365

Analysis

max time kernel
169s
max time network
175s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 09:01

Target

13fd45d707bdab1dc04a06cedd986308.exe
Size

24KB
MD5

13fd45d707bdab1dc04a06cedd986308
SHA1

b965cbafdb1e435ca64dfccad38a7ee6f05bff92
SHA256

e048b31a6f5f7de2d68a9bb2ee0e32b61638cf47c642879e563fd3ffbc921365
SHA512

6cadfed7db5bfad8044725eca907184271bdc8dbc1be6def6c7227608c0232bf7425a8951a730b8cbb41616885703bd9d124ab6c2a9f2fdcb18331ec60cd74de
SSDEEP

384:vHFWizj12EH9irgf8A1JJ+n6QY/CHT89eIWgGNKL2JPAUTIeaK4aNJawcudoD7U9:PgQ5sr5AgjRgvW5NlJP1TznbcuyD7UM0

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4824-0-0x0000000000400000-0x0000000000412000-memory.dmp	upx
behavioral2/memory/4824-14-0x0000000000400000-0x0000000000412000-memory.dmp	upx

Drops file in System32 directory 8 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\New.dll	13fd45d707bdab1dc04a06cedd986308.exe
File opened for modification	C:\Windows\SysWOW64\New.dll	13fd45d707bdab1dc04a06cedd986308.exe
File created	C:\Windows\SysWOW64\dsound.dll.240642812	13fd45d707bdab1dc04a06cedd986308.exe
File opened for modification	C:\Windows\SysWOW64\dsound.dll.240642812	13fd45d707bdab1dc04a06cedd986308.exe
File opened for modification	C:\Windows\SysWOW64\1011.ocx	13fd45d707bdab1dc04a06cedd986308.exe
File created	C:\Windows\SysWOW64\1011.ocx	13fd45d707bdab1dc04a06cedd986308.exe
File opened for modification	C:\Windows\SysWOW64\ddr011.ocx	13fd45d707bdab1dc04a06cedd986308.exe
File created	C:\Windows\SysWOW64\ddr011.ocx	13fd45d707bdab1dc04a06cedd986308.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4688	4824	WerFault.exe	87

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4824	13fd45d707bdab1dc04a06cedd986308.exe
4824	13fd45d707bdab1dc04a06cedd986308.exe

C:\Users\Admin\AppData\Local\Temp\13fd45d707bdab1dc04a06cedd986308.exe
"C:\Users\Admin\AppData\Local\Temp\13fd45d707bdab1dc04a06cedd986308.exe"
1⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
PID:4824
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4824 -s 352
  2⤵
  - Program crash
  PID:4688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 4824 -ip 4824
1⤵
PID:4536

C:\Users\Admin\AppData\Local\Temp\.data2

Filesize
149KB

MD5
50ca9e8f2c7eb22f399999fc499169d0

SHA1
702a4ffd102a6318d0f05ee029b9f03be0f6e9ce

SHA256
1a9b9f2909f26ed1d9b31978350eb96c3d526ce5168f4c691311a651f2e03ade

SHA512
d451b1340442d1193bb378c6f7893801c08a79bf83fd9549d2010ccaf162fc741850389af879112fde8168bcfeb7e05171aac074b5341e7ef692c52268d6efa1

Download Submit
memory/4824-0-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/4824-14-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download