66e6cf410bb79cd5dce9d9c345be2773a1c5f3f92fed65677f854e61f5918ca9

Analysis

max time kernel
146s
max time network
171s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
01-01-2024 23:57

Target

3e330e58b7d79a91570e4b12bb00a03d.exe
Size

3.2MB
MD5

3e330e58b7d79a91570e4b12bb00a03d
SHA1

671c52189036c478a15adc99dc9c080f8e08a9f5
SHA256

66e6cf410bb79cd5dce9d9c345be2773a1c5f3f92fed65677f854e61f5918ca9
SHA512

61868814d8cf78010f1babd2e739ece531db8826e9b001c3f8c3a0345d3b34cffa45a64a5464122015f17aabfcab2c13431c1da526edc8bc103fc8e93ecb9108
SSDEEP

49152:NcbZrshAtKEMU9WzmWfgXRRQg6F6BKbKKbe3sQ5pXvfSRWY7yRwExWInmEJVeT9f:SbGacEMGWzm6EDHZX3HhmE6T9

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3704-0-0x0000000013140000-0x000000001378B000-memory.dmp	upx
behavioral2/memory/3704-1-0x0000000013140000-0x000000001378B000-memory.dmp	upx

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1160	3704	WerFault.exe	89
1860	3704	WerFault.exe	89

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3704 wrote to memory of 1160	3704	3e330e58b7d79a91570e4b12bb00a03d.exe	95
PID 3704 wrote to memory of 1160	3704	3e330e58b7d79a91570e4b12bb00a03d.exe	95
PID 3704 wrote to memory of 1160	3704	3e330e58b7d79a91570e4b12bb00a03d.exe	95

C:\Users\Admin\AppData\Local\Temp\3e330e58b7d79a91570e4b12bb00a03d.exe
"C:\Users\Admin\AppData\Local\Temp\3e330e58b7d79a91570e4b12bb00a03d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3704
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 272
  2⤵
  - Program crash
  PID:1160
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 272
  2⤵
  - Program crash
  PID:1860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 3704 -ip 3704
1⤵
PID:3796

memory/3704-0-0x0000000013140000-0x000000001378B000-memory.dmp

Filesize
6.3MB

Download
memory/3704-1-0x0000000013140000-0x000000001378B000-memory.dmp

Filesize
6.3MB

Download