8cc29fdfa1aadebd86578b559740f0c81230d217ac1ff6fd374cf82f8ac59e45

Analysis

max time kernel
153s
max time network
130s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/01/2024, 09:08

Target

407368198536de4c8175e48a35434e54.exe
Size

15KB
MD5

407368198536de4c8175e48a35434e54
SHA1

1b686a2e8ae78438538f9f0ba45f77e87ea5c9b6
SHA256

8cc29fdfa1aadebd86578b559740f0c81230d217ac1ff6fd374cf82f8ac59e45
SHA512

9e23db5a63030d926c007503137733361011f275a9de4961d24ee6dba5cc5645e8630344a8629bea61f81a7ce91bbdf6b51c24a4e37bbe7b97522c54a3b65572
SSDEEP

192:AqWJyaJCMitJtmJnBVSotA1TlDhXNvjA+j3w15NbJP7EdKJlx23cv5H9WwkzleOm:AqWdJCRtc9Ipdls+jg117rvcsvZ+bOP

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/868-0-0x0000000001000000-0x000000000100C000-memory.dmp	upx
behavioral1/memory/868-1-0x0000000001000000-0x000000000100C000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2460	868	WerFault.exe	17

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 868 wrote to memory of 2460	868	407368198536de4c8175e48a35434e54.exe	27
PID 868 wrote to memory of 2460	868	407368198536de4c8175e48a35434e54.exe	27
PID 868 wrote to memory of 2460	868	407368198536de4c8175e48a35434e54.exe	27
PID 868 wrote to memory of 2460	868	407368198536de4c8175e48a35434e54.exe	27

C:\Users\Admin\AppData\Local\Temp\407368198536de4c8175e48a35434e54.exe
"C:\Users\Admin\AppData\Local\Temp\407368198536de4c8175e48a35434e54.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:868
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 868 -s 120
  2⤵
  - Program crash
  PID:2460

memory/868-0-0x0000000001000000-0x000000000100C000-memory.dmp

Filesize
48KB

Download
memory/868-1-0x0000000001000000-0x000000000100C000-memory.dmp

Filesize
48KB

Download