c97aa4dba2ac333090c04cd3660d8008660077ae4dd900de0af4b41d0ababeb7

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
07/01/2024, 16:12

Target

497370ff1e22574341c81269954f19bb.exe
Size

32KB
MD5

497370ff1e22574341c81269954f19bb
SHA1

3af6463fe0c7282fd425e04af682f9bf8590406c
SHA256

c97aa4dba2ac333090c04cd3660d8008660077ae4dd900de0af4b41d0ababeb7
SHA512

e233e257540654df227633caa7fdd3bcae8bb629afb3b8d1a2126e37b83741805962bab95d2b3ac9265cc1b1a3fd5d80e93d62e2cb4e4288a496e73fc918d95a
SSDEEP

768:Osms3Y7ToJT/IbK+H7+sa/65rstdfr/mJdD72WFK222S:OsmsGcAb1bCgAtx/muWU22

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2028-0-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2184	2028	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 2184	2028	497370ff1e22574341c81269954f19bb.exe	28
PID 2028 wrote to memory of 2184	2028	497370ff1e22574341c81269954f19bb.exe	28
PID 2028 wrote to memory of 2184	2028	497370ff1e22574341c81269954f19bb.exe	28
PID 2028 wrote to memory of 2184	2028	497370ff1e22574341c81269954f19bb.exe	28

C:\Users\Admin\AppData\Local\Temp\497370ff1e22574341c81269954f19bb.exe
"C:\Users\Admin\AppData\Local\Temp\497370ff1e22574341c81269954f19bb.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 44
  2⤵
  - Program crash
  PID:2184

memory/2028-0-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download