0f292e1b340624c5c01d9c496f4f7b8db0c13f68cfcae8fd2e228f5af3ecf133

Analysis

max time kernel
141s
max time network
131s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 04:18

Target

27d9e9bc3e200cde5a2f97971c14badf.exe
Size

17KB
MD5

27d9e9bc3e200cde5a2f97971c14badf
SHA1

3609e7064315b72b56890ed9d0ceb092a81e8ee9
SHA256

0f292e1b340624c5c01d9c496f4f7b8db0c13f68cfcae8fd2e228f5af3ecf133
SHA512

0650948b2b4e5049eae68c8ecf9d9cde98aa827fe8852820f122dc145ddc310ed933351186e4a0d60daed1bad9d4bfa17fea11ee9824e24e2c167dc51b77a3d5
SSDEEP

384:fLxWURh5P9JI/8JnFTeU2pi0KtlRKk18LyT4JZlrZdEWP2IdAtxQZK:zYUVs/8nTeU+mlR4mT4JZbeWP2IiQ

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/3028-0-0x0000000013140000-0x000000001317B000-memory.dmp	upx
behavioral1/memory/3028-1-0x0000000013140000-0x000000001317B000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2032	3028	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 2032	3028	27d9e9bc3e200cde5a2f97971c14badf.exe	28
PID 3028 wrote to memory of 2032	3028	27d9e9bc3e200cde5a2f97971c14badf.exe	28
PID 3028 wrote to memory of 2032	3028	27d9e9bc3e200cde5a2f97971c14badf.exe	28
PID 3028 wrote to memory of 2032	3028	27d9e9bc3e200cde5a2f97971c14badf.exe	28

C:\Users\Admin\AppData\Local\Temp\27d9e9bc3e200cde5a2f97971c14badf.exe
"C:\Users\Admin\AppData\Local\Temp\27d9e9bc3e200cde5a2f97971c14badf.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 148
  2⤵
  - Program crash
  PID:2032

memory/3028-0-0x0000000013140000-0x000000001317B000-memory.dmp

Filesize
236KB

Download
memory/3028-1-0x0000000013140000-0x000000001317B000-memory.dmp

Filesize
236KB

Download