da006d6d696d6b5ef17f6e488ad101135d6877036f0e9b2cd59fbcc64b99730e

Analysis

max time kernel
142s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 15:51

Target

3a6751a147c296933b78c42779a92e6d.exe
Size

57KB
MD5

3a6751a147c296933b78c42779a92e6d
SHA1

f01e0830e48f6cf29f08970fdb7f33198fd7bd3e
SHA256

da006d6d696d6b5ef17f6e488ad101135d6877036f0e9b2cd59fbcc64b99730e
SHA512

cc6cc792142895750fa7791622dd4acc11fe9573d6fa7116e648572b93b8574b7b59f419583314ef35157d151ff8108fe685d2b613a7c0c93056162f6faa1705
SSDEEP

1536:f0KYsV5EyK3ud6uSMkpJxbTbAjYxNygeBeILL/z239nouy8+FGiaK:HV5Eywuwu1ax2RgPILzAoutM

Score

7^/10

upx

UPX packed file 9 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral1/memory/1744-0-0x0000000000400000-0x0000000000480000-memory.dmp	upx
behavioral1/memory/1744-4-0x00000000027E0000-0x0000000002860000-memory.dmp	upx
behavioral1/memory/2772-16-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/2772-15-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/2772-14-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/2772-12-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/1744-17-0x0000000000400000-0x0000000000480000-memory.dmp	upx
behavioral1/memory/2772-8-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/2772-6-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Suspicious use of SetThreadContext 1 IoCs

Processes:

3a6751a147c296933b78c42779a92e6d.exe

description pid process target process

PID 1744 set thread context of 2772 1744 3a6751a147c296933b78c42779a92e6d.exe 3a6751a147c296933b78c42779a92e6d.exe
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2792 2772 WerFault.exe 3a6751a147c296933b78c42779a92e6d.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

3a6751a147c296933b78c42779a92e6d.exe

pid process

1744 3a6751a147c296933b78c42779a92e6d.exe

description	pid	process	target process
PID 1744 set thread context of 2772	1744	3a6751a147c296933b78c42779a92e6d.exe	3a6751a147c296933b78c42779a92e6d.exe

pid	pid_target	process	target process
2792	2772	WerFault.exe	3a6751a147c296933b78c42779a92e6d.exe

pid	process
1744	3a6751a147c296933b78c42779a92e6d.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

3a6751a147c296933b78c42779a92e6d.exe3a6751a147c296933b78c42779a92e6d.exe

description	pid	process	target process
PID 1744 wrote to memory of 2772	1744	3a6751a147c296933b78c42779a92e6d.exe	3a6751a147c296933b78c42779a92e6d.exe
PID 1744 wrote to memory of 2772	1744	3a6751a147c296933b78c42779a92e6d.exe	3a6751a147c296933b78c42779a92e6d.exe
PID 1744 wrote to memory of 2772	1744	3a6751a147c296933b78c42779a92e6d.exe	3a6751a147c296933b78c42779a92e6d.exe
PID 1744 wrote to memory of 2772	1744	3a6751a147c296933b78c42779a92e6d.exe	3a6751a147c296933b78c42779a92e6d.exe
PID 1744 wrote to memory of 2772	1744	3a6751a147c296933b78c42779a92e6d.exe	3a6751a147c296933b78c42779a92e6d.exe
PID 1744 wrote to memory of 2772	1744	3a6751a147c296933b78c42779a92e6d.exe	3a6751a147c296933b78c42779a92e6d.exe
PID 1744 wrote to memory of 2772	1744	3a6751a147c296933b78c42779a92e6d.exe	3a6751a147c296933b78c42779a92e6d.exe
PID 1744 wrote to memory of 2772	1744	3a6751a147c296933b78c42779a92e6d.exe	3a6751a147c296933b78c42779a92e6d.exe
PID 2772 wrote to memory of 2792	2772	3a6751a147c296933b78c42779a92e6d.exe	WerFault.exe
PID 2772 wrote to memory of 2792	2772	3a6751a147c296933b78c42779a92e6d.exe	WerFault.exe
PID 2772 wrote to memory of 2792	2772	3a6751a147c296933b78c42779a92e6d.exe	WerFault.exe
PID 2772 wrote to memory of 2792	2772	3a6751a147c296933b78c42779a92e6d.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\3a6751a147c296933b78c42779a92e6d.exe
C:\Users\Admin\AppData\Local\Temp\3a6751a147c296933b78c42779a92e6d.exe
2⤵
- Suspicious use of WriteProcessMemory
PID:2772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 116
3⤵
- Program crash
PID:2792

memory/1744-0-0x0000000000400000-0x0000000000480000-memory.dmp

Filesize
512KB

Download
memory/1744-4-0x00000000027E0000-0x0000000002860000-memory.dmp

Filesize
512KB

Download
memory/1744-17-0x0000000000400000-0x0000000000480000-memory.dmp

Filesize
512KB

Download
memory/2772-3-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2772-16-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2772-15-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2772-14-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2772-12-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2772-10-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2772-8-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2772-6-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download