ce7302028fe24455243efe9b04fd7172deeeb64fdabb91280f83fc40b1537e02 | Triage

Analysis

max time kernel
140s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
18/01/2024, 03:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

645d3fccb3f786ef851bb93566d6c17c.exe
Size

53KB
MD5

645d3fccb3f786ef851bb93566d6c17c
SHA1

90aecf68589164f550dc48d92395bf4cb760817a
SHA256

ce7302028fe24455243efe9b04fd7172deeeb64fdabb91280f83fc40b1537e02
SHA512

bc07667c946ce1f4626b06a81408fffa49946897ca0877bed4115f293fe24c4b19379054c9495686eaf6dec8ab07d0d90946507e1e2c9a0cdb57cc1790913cca
SSDEEP

1536:A/MuMRmeZdkPohK12HyB5SzCfH3h5FLOJ5j4p:QMXR7ZdvKWyB5SzAXnFLikp

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1736-0-0x0000000000400000-0x0000000000428000-memory.dmp	upx
behavioral1/memory/1736-2-0x0000000000400000-0x0000000000428000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2372	1736	WerFault.exe	19

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1736 wrote to memory of 2372	1736	645d3fccb3f786ef851bb93566d6c17c.exe	28
PID 1736 wrote to memory of 2372	1736	645d3fccb3f786ef851bb93566d6c17c.exe	28
PID 1736 wrote to memory of 2372	1736	645d3fccb3f786ef851bb93566d6c17c.exe	28
PID 1736 wrote to memory of 2372	1736	645d3fccb3f786ef851bb93566d6c17c.exe	28

C:\Users\Admin\AppData\Local\Temp\645d3fccb3f786ef851bb93566d6c17c.exe
"C:\Users\Admin\AppData\Local\Temp\645d3fccb3f786ef851bb93566d6c17c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1736
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 120
  2⤵
  - Program crash
  PID:2372

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1736-0-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/1736-1-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/1736-2-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download