ac7c2f1a4332d82c75e60880e07d4693423d595c95b8f2d3dc6850e46e142ea4 | Triage

Analysis

max time kernel
160s
max time network
172s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
10/01/2024, 19:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5137adf7a2cf33b7c83fef135d369aeb.exe
Size

31KB
MD5

5137adf7a2cf33b7c83fef135d369aeb
SHA1

4f1e1ae22ca8750125132c7600840f52b2856094
SHA256

ac7c2f1a4332d82c75e60880e07d4693423d595c95b8f2d3dc6850e46e142ea4
SHA512

13886d1a1406d943f8c9d9f5b7aa2ee2659428b6eb34f39090f4c0b9250239ca7dabc8856c0b97a4b6841db0171b8abba6faf5d12edacf9a99c087a72557fdf0
SSDEEP

768:HuJmmVfwgWfCfjR1mTGkLE+TLzVoCqASF:HUlqUR1CVoCNS

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3936-0-0x0000000000400000-0x000000000042B000-memory.dmp	upx
behavioral2/memory/3936-1-0x0000000000400000-0x000000000042B000-memory.dmp	upx
behavioral2/memory/3936-3-0x0000000000400000-0x000000000042B000-memory.dmp	upx

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1120	3936	WerFault.exe	88
4068	3936	WerFault.exe	88

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3936 wrote to memory of 1120	3936	5137adf7a2cf33b7c83fef135d369aeb.exe	96
PID 3936 wrote to memory of 1120	3936	5137adf7a2cf33b7c83fef135d369aeb.exe	96
PID 3936 wrote to memory of 1120	3936	5137adf7a2cf33b7c83fef135d369aeb.exe	96

C:\Users\Admin\AppData\Local\Temp\5137adf7a2cf33b7c83fef135d369aeb.exe
"C:\Users\Admin\AppData\Local\Temp\5137adf7a2cf33b7c83fef135d369aeb.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3936
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 480
  2⤵
  - Program crash
  PID:1120
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 480
  2⤵
  - Program crash
  PID:4068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 3936 -ip 3936
1⤵
PID:4604

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3936-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3936-1-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3936-2-0x0000000000600000-0x0000000000606000-memory.dmp

Filesize
24KB

Download
memory/3936-3-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download