386ff0afe48287311157a1bb17c5880ad25393baaa1fc6b3bb6bf21a03cf210d

Analysis

max time kernel
140s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 06:06

Target

2b28474af3d311fb75c73c3501536b34.exe
Size

37KB
MD5

2b28474af3d311fb75c73c3501536b34
SHA1

d8d2b8783a121db2c4957c55a6488a3988491699
SHA256

386ff0afe48287311157a1bb17c5880ad25393baaa1fc6b3bb6bf21a03cf210d
SHA512

e5346d1cde5651dc66b3e44c23fc25705186779621b1ae0dd9188d28c24e9c26eca592462bffa60376413b943740c45a917b5dacefbb699d03628a7aa7d495c3
SSDEEP

768:Nt/KJGNknIZsGCKe1ZfqIFfUtfy+h4fqhMpB4PKOzMUPK/4f4dH:iJ6kCHRe1Zfqycg+WfgMpiPucaH

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2656-0-0x0000000000400000-0x000000000045B000-memory.dmp	upx
behavioral1/memory/2656-1-0x0000000000400000-0x000000000045B000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process
2800	2656	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2656 wrote to memory of 2800	2656	2b28474af3d311fb75c73c3501536b34.exe	15
PID 2656 wrote to memory of 2800	2656	2b28474af3d311fb75c73c3501536b34.exe	15
PID 2656 wrote to memory of 2800	2656	2b28474af3d311fb75c73c3501536b34.exe	15
PID 2656 wrote to memory of 2800	2656	2b28474af3d311fb75c73c3501536b34.exe	15

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 88
1⤵
- Program crash
PID:2800

C:\Users\Admin\AppData\Local\Temp\2b28474af3d311fb75c73c3501536b34.exe
"C:\Users\Admin\AppData\Local\Temp\2b28474af3d311fb75c73c3501536b34.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2656

memory/2656-0-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2656-1-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download