0edcdbf24bda185072c7753cfc8773e7f38553f10f7fad47baec047d477d13e5

Analysis

max time kernel
141s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 00:39

Target

2203ae4ee0b50dcb51ba929aa762c96a.exe
Size

175KB
MD5

2203ae4ee0b50dcb51ba929aa762c96a
SHA1

e57873215d3322a8d226d5f86bd5ff6f1baa4054
SHA256

0edcdbf24bda185072c7753cfc8773e7f38553f10f7fad47baec047d477d13e5
SHA512

3c23dfa1de6a4a109361cda1b242056e3e1eb8444c19037287f25df42fba7c93e79aa7d23212582a01a3cb8b4bfcb7c253b6cdf770b026794dcdd0f1a887dfb4
SSDEEP

3072:AYaV6+JMx1FkmSJZFk09ZJr+8Wo0t7TPysQuHC7pbf9rg5nrAOk/TfjuFBQnZYWt:Y6LQmSJxRrEoSPPyEi7pBcxt+TfoQn+G

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1888-0-0x0000000000400000-0x0000000000478000-memory.dmp	upx
behavioral1/memory/1888-2-0x0000000000400000-0x0000000000478000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2752	1888	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1888 wrote to memory of 2752	1888	2203ae4ee0b50dcb51ba929aa762c96a.exe	28
PID 1888 wrote to memory of 2752	1888	2203ae4ee0b50dcb51ba929aa762c96a.exe	28
PID 1888 wrote to memory of 2752	1888	2203ae4ee0b50dcb51ba929aa762c96a.exe	28
PID 1888 wrote to memory of 2752	1888	2203ae4ee0b50dcb51ba929aa762c96a.exe	28

C:\Users\Admin\AppData\Local\Temp\2203ae4ee0b50dcb51ba929aa762c96a.exe
"C:\Users\Admin\AppData\Local\Temp\2203ae4ee0b50dcb51ba929aa762c96a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1888
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 812
  2⤵
  - Program crash
  PID:2752

memory/1888-0-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/1888-1-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/1888-2-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/1888-4-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download