236d2250d5f1a8ec93cbab6e5655d89c43d2295b207520be13c6c261b4695fdd

Analysis

max time kernel
140s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 07:16

Target

2d041d5bececbf02fb03047767e96bc2.exe
Size

7KB
MD5

2d041d5bececbf02fb03047767e96bc2
SHA1

680505a84d6988d4f35ef30e3043c5f80223c745
SHA256

236d2250d5f1a8ec93cbab6e5655d89c43d2295b207520be13c6c261b4695fdd
SHA512

590062acc89316f3fe504de656c943102f08437c7fc9977785aa6eca82362accf3554405b624609bbfc51afad7946dbe2b0e07dbb4ed6f221c9caf7a820f72c3
SSDEEP

192:9FXzfQ5Fllkc6JE818/4IjTea/jZXtTpHTKhePjRlhjzPU/:LTmoW4Kn/jZdTpzKCjDtPU/

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1416-0-0x0000000000400000-0x00000000004096A9-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process
112	1416	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1416 wrote to memory of 112	1416	2d041d5bececbf02fb03047767e96bc2.exe	14
PID 1416 wrote to memory of 112	1416	2d041d5bececbf02fb03047767e96bc2.exe	14
PID 1416 wrote to memory of 112	1416	2d041d5bececbf02fb03047767e96bc2.exe	14
PID 1416 wrote to memory of 112	1416	2d041d5bececbf02fb03047767e96bc2.exe	14

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1416 -s 88
1⤵
- Program crash
PID:112

C:\Users\Admin\AppData\Local\Temp\2d041d5bececbf02fb03047767e96bc2.exe
"C:\Users\Admin\AppData\Local\Temp\2d041d5bececbf02fb03047767e96bc2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1416

memory/1416-0-0x0000000000400000-0x00000000004096A9-memory.dmp

Filesize
37KB

Download