53721ed2cfc2f7f0ca3a7c3a0bb378c77aa9a7ac6463228cdbc2bc65606deb65

Analysis

max time kernel
140s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 12:26

Target

1879bd606762268b46a9fdf2c57dba04.exe
Size

11KB
MD5

1879bd606762268b46a9fdf2c57dba04
SHA1

fb52fbcce63870bc95e245c8b5bed2a08dd04534
SHA256

53721ed2cfc2f7f0ca3a7c3a0bb378c77aa9a7ac6463228cdbc2bc65606deb65
SHA512

79e9b19be82c3ad191ef6af0cc916cc46bb355520f87afd191b79d50a681fe7b27513cd97700ed68addd73e7c4681744e63f01501d96ea6b9a5823be40a03fd1
SSDEEP

192:4iaRFDnfXxu+6aVeQWdn6rA4RSHVur23ANOFz5XCT2Nc:4dTfBuOV+nr11loOFz5wWc

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2088-0-0x0000000000400000-0x0000000000414000-memory.dmp	upx
behavioral1/memory/2088-1-0x0000000000400000-0x0000000000414000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2832	2088	WerFault.exe	2

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2088 wrote to memory of 2832	2088	1879bd606762268b46a9fdf2c57dba04.exe	30
PID 2088 wrote to memory of 2832	2088	1879bd606762268b46a9fdf2c57dba04.exe	30
PID 2088 wrote to memory of 2832	2088	1879bd606762268b46a9fdf2c57dba04.exe	30
PID 2088 wrote to memory of 2832	2088	1879bd606762268b46a9fdf2c57dba04.exe	30

C:\Users\Admin\AppData\Local\Temp\1879bd606762268b46a9fdf2c57dba04.exe
"C:\Users\Admin\AppData\Local\Temp\1879bd606762268b46a9fdf2c57dba04.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2088
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 736
  2⤵
  - Program crash
  PID:2832

memory/2088-0-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2088-1-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download