7554664db97f1b14807c7a651e47aa1cee9dffdafad7ee82233460aa26f4e353

Analysis

max time kernel
140s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 01:44

Target

bdb1942693c1a00b5c6464ec6e9a63d9cc0e1ec9b4c421296a73b59c799eddad.exe
Size

2.4MB
MD5

e63399dff454a79fd333d28890acb8f5
SHA1

ba70cae111ebaccfabcbec161cb9d8132eb6e8d7
SHA256

bdb1942693c1a00b5c6464ec6e9a63d9cc0e1ec9b4c421296a73b59c799eddad
SHA512

2a70289bac8a0f83f7a834878fbaac5e61cd429ac6361af6e9c49b8b250ea4d5b28f09f0cb821b004a1a3c97bc6271ffd0ff83679e1a25849a72db69cd9af699
SSDEEP

49152:6CiDQYMmRair3TL09eRuNXn+vQ/Ip083AhSYaXQcVKgvlF8/w:RHsRuNXeQ/U6hSnb3NF8

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1756-0-0x0000000000400000-0x0000000000E54000-memory.dmp	upx
behavioral1/memory/1756-2-0x0000000000400000-0x0000000000E54000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2368	1756	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1756 wrote to memory of 2368	1756	bdb1942693c1a00b5c6464ec6e9a63d9cc0e1ec9b4c421296a73b59c799eddad.exe	28
PID 1756 wrote to memory of 2368	1756	bdb1942693c1a00b5c6464ec6e9a63d9cc0e1ec9b4c421296a73b59c799eddad.exe	28
PID 1756 wrote to memory of 2368	1756	bdb1942693c1a00b5c6464ec6e9a63d9cc0e1ec9b4c421296a73b59c799eddad.exe	28
PID 1756 wrote to memory of 2368	1756	bdb1942693c1a00b5c6464ec6e9a63d9cc0e1ec9b4c421296a73b59c799eddad.exe	28

C:\Users\Admin\AppData\Local\Temp\bdb1942693c1a00b5c6464ec6e9a63d9cc0e1ec9b4c421296a73b59c799eddad.exe
"C:\Users\Admin\AppData\Local\Temp\bdb1942693c1a00b5c6464ec6e9a63d9cc0e1ec9b4c421296a73b59c799eddad.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1756
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 368
  2⤵
  - Program crash
  PID:2368

memory/1756-0-0x0000000000400000-0x0000000000E54000-memory.dmp

Filesize
10.3MB

Download
memory/1756-1-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/1756-2-0x0000000000400000-0x0000000000E54000-memory.dmp

Filesize
10.3MB

Download
memory/1756-4-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download