c67a55ab99426ce075acd5c150f3937244dcd759bd591210e219da7a62c025f1 | Triage

Analysis

max time kernel
142s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 12:38

Sharing

Report Analysis Logs

General

Target

366be0741b23bcd47d1b005efde16d45.exe
Size

8KB
MD5

366be0741b23bcd47d1b005efde16d45
SHA1

53c413cc84596a9df3684f3e1ed009cb974c1de3
SHA256

c67a55ab99426ce075acd5c150f3937244dcd759bd591210e219da7a62c025f1
SHA512

d535c30038600d255ffa4cb61648c5c14013e02e9a83209b804572eb58cb433ca3c440abb6f8c73754df7ed6599b57175823021f32ecabfb7474b747c84c1919
SSDEEP

192:gjmNW/ZAUk1RO1E4DEhComMAkPaQKylkqJ92MV:0bk1EnDEEomMAkPJX3L2MV

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2080-0-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2080-1-0x0000000000400000-0x0000000000408000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2648	2080	WerFault.exe	6

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2080 wrote to memory of 2648	2080	366be0741b23bcd47d1b005efde16d45.exe	16
PID 2080 wrote to memory of 2648	2080	366be0741b23bcd47d1b005efde16d45.exe	16
PID 2080 wrote to memory of 2648	2080	366be0741b23bcd47d1b005efde16d45.exe	16
PID 2080 wrote to memory of 2648	2080	366be0741b23bcd47d1b005efde16d45.exe	16

C:\Users\Admin\AppData\Local\Temp\366be0741b23bcd47d1b005efde16d45.exe
"C:\Users\Admin\AppData\Local\Temp\366be0741b23bcd47d1b005efde16d45.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2080
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 140
  2⤵
  - Program crash
  PID:2648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2080-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2080-1-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download