0e4781e8992219df3b8184b6dd0edf09946a622df5bc56696a9c2c0de58fa78b

Analysis

max time kernel
141s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04-01-2024 08:53

Target

406bb7d06980deea2769fb2eef0f3361.exe
Size

115KB
MD5

406bb7d06980deea2769fb2eef0f3361
SHA1

3cfe37ec66f5c8a3ca45c948745a6ad518513bdc
SHA256

0e4781e8992219df3b8184b6dd0edf09946a622df5bc56696a9c2c0de58fa78b
SHA512

e6ad74cca00c8ddce03234f36a922c3a05213bb42d328828b48fa78e6e57b41caff96fff21387de6df040e6f755faf63d9adbf8682f19625709ef7e0fc03fef2
SSDEEP

1536:Kwz8a940pa0vQxZK3LFjyOvqp2YCHNwMyjx6NeJyJn6952QYFQo6qCzaBThkelTH:KwzXpMxZi0E3wlx6NejeBQ9qCzChkG19

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2392-0-0x0000000000400000-0x0000000000494000-memory.dmp	upx
behavioral1/memory/2392-1-0x0000000000400000-0x0000000000494000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process
1820	2392	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2392 wrote to memory of 1820	2392	406bb7d06980deea2769fb2eef0f3361.exe	14
PID 2392 wrote to memory of 1820	2392	406bb7d06980deea2769fb2eef0f3361.exe	14
PID 2392 wrote to memory of 1820	2392	406bb7d06980deea2769fb2eef0f3361.exe	14
PID 2392 wrote to memory of 1820	2392	406bb7d06980deea2769fb2eef0f3361.exe	14

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 36
1⤵
- Program crash
PID:1820

C:\Users\Admin\AppData\Local\Temp\406bb7d06980deea2769fb2eef0f3361.exe
"C:\Users\Admin\AppData\Local\Temp\406bb7d06980deea2769fb2eef0f3361.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2392

memory/2392-0-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download
memory/2392-1-0x0000000000400000-0x0000000000494000-memory.dmp

Filesize
592KB

Download