3c7dd0db6e6a3d3f1c0a8e3cc214275177195f01e970563e7ada27c2a1f44813 | Triage

Analysis

max time kernel
148s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
11/01/2024, 07:39

Sharing

Report Analysis Logs

General

Target

52ee91cfacabca5ef24726762e4aecde.exe
Size

265KB
MD5

52ee91cfacabca5ef24726762e4aecde
SHA1

74f9e935b203c39de0fb60f6d4053b71b3d1a759
SHA256

3c7dd0db6e6a3d3f1c0a8e3cc214275177195f01e970563e7ada27c2a1f44813
SHA512

a521e02f3905d2cdd1636d92335389e861eabfc581f6cb3f95437f7eadd0b27eb44b5f0c7edd8332aaf5163e87bad8be021856179f1095edce08f19e362b2eca
SSDEEP

6144:fovncf146lb4eaLR5TH8XY5x72lUP8bGDO9UuM2:fokW61aV5j72GPoGy9S2

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1068-0-0x0000000000400000-0x00000000004BF000-memory.dmp	upx
behavioral2/memory/1068-4-0x0000000000400000-0x00000000004BF000-memory.dmp	upx

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1068 set thread context of 3276	1068	52ee91cfacabca5ef24726762e4aecde.exe	17

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2964	3276	WerFault.exe	17

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1068 wrote to memory of 3276	1068	52ee91cfacabca5ef24726762e4aecde.exe	17
PID 1068 wrote to memory of 3276	1068	52ee91cfacabca5ef24726762e4aecde.exe	17
PID 1068 wrote to memory of 3276	1068	52ee91cfacabca5ef24726762e4aecde.exe	17
PID 1068 wrote to memory of 3276	1068	52ee91cfacabca5ef24726762e4aecde.exe	17

C:\Users\Admin\AppData\Local\Temp\52ee91cfacabca5ef24726762e4aecde.exe
"C:\Users\Admin\AppData\Local\Temp\52ee91cfacabca5ef24726762e4aecde.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1068
- C:\Windows\SysWOW64\notepad.exe
  C:\Windows\system32\notepad.exe
  2⤵
  PID:3276
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 80
    3⤵
    - Program crash
    PID:2964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3276 -ip 3276
1⤵
PID:3104

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1068-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/1068-4-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/1068-1-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download