02f964290db2c00dd910937d4a409a80c98e99e808b29181bcf759cee8489f99

Analysis

max time kernel
140s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 21:22

Target

1cd7ae6a6821361b0fdd43845ad24b3d.exe
Size

38KB
MD5

1cd7ae6a6821361b0fdd43845ad24b3d
SHA1

7bafd08d27560395ce1f9ab4fc5218393c671f3e
SHA256

02f964290db2c00dd910937d4a409a80c98e99e808b29181bcf759cee8489f99
SHA512

f6b921da4b209d8f16d31b74083581ebb6f75f7bcba4be0eb977c34589439debbae4a57f0e33935481f000c10bb13c34da3e07f797cb8b94eb3332408e77dc70
SSDEEP

768:2QlH4o2JUU9IgOcGRT9G7shhR5E9vdV++mHnm9IEheGcqXhk:hluJhfOcGRZFgXjmHLEheoRk

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2940-0-0x0000000000400000-0x0000000000416200-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process
3048	2940	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2940 wrote to memory of 3048	2940	1cd7ae6a6821361b0fdd43845ad24b3d.exe	14
PID 2940 wrote to memory of 3048	2940	1cd7ae6a6821361b0fdd43845ad24b3d.exe	14
PID 2940 wrote to memory of 3048	2940	1cd7ae6a6821361b0fdd43845ad24b3d.exe	14
PID 2940 wrote to memory of 3048	2940	1cd7ae6a6821361b0fdd43845ad24b3d.exe	14

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 116
1⤵
- Program crash
PID:3048

C:\Users\Admin\AppData\Local\Temp\1cd7ae6a6821361b0fdd43845ad24b3d.exe
"C:\Users\Admin\AppData\Local\Temp\1cd7ae6a6821361b0fdd43845ad24b3d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2940

memory/2940-0-0x0000000000400000-0x0000000000416200-memory.dmp

Filesize
88KB

Download