b6ddb93628a00675a6f708c5871a0a78962b2c48bc797d2de2eefadeb21b8548

Analysis

max time kernel
90s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25/01/2024, 03:29

Target

739e859390fa9f390d30120d0fa00916.exe
Size

23KB
MD5

739e859390fa9f390d30120d0fa00916
SHA1

a5ca1c61ad6531e84bcfdb746f14f4e8ec561b8b
SHA256

b6ddb93628a00675a6f708c5871a0a78962b2c48bc797d2de2eefadeb21b8548
SHA512

6783989a40c66a581dca428ba5c796a1ec722b94fad686e5ec1c4ef3673a7be5794b980fa287ce87ddceacd999947dc2baae746ec2335743303999a27e4932f0
SSDEEP

384:uxE3WCxPBAhY/dRcmkKronlpOwt/8l2mq2mfRJmpiT9Oc00l97VyE:uGmwShYRw3lpaG2mqpu00lZ

Score

7^/10

upx

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3484-0-0x0000000000400000-0x0000000000411000-memory.dmp	upx
behavioral2/memory/3484-1-0x0000000000400000-0x0000000000411000-memory.dmp	upx
behavioral2/memory/1584-2-0x0000000000400000-0x0000000000411000-memory.dmp	upx
behavioral2/memory/1584-3-0x0000000000400000-0x0000000000411000-memory.dmp	upx

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3484 set thread context of 1584	3484	739e859390fa9f390d30120d0fa00916.exe	27

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4648	1584	WerFault.exe	27
1576	1584	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3484 wrote to memory of 1584	3484	739e859390fa9f390d30120d0fa00916.exe	27
PID 3484 wrote to memory of 1584	3484	739e859390fa9f390d30120d0fa00916.exe	27
PID 3484 wrote to memory of 1584	3484	739e859390fa9f390d30120d0fa00916.exe	27
PID 3484 wrote to memory of 1584	3484	739e859390fa9f390d30120d0fa00916.exe	27

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1584 -ip 1584
1⤵
PID:4904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 1584 -ip 1584
1⤵
PID:3044

memory/1584-2-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/1584-3-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/3484-0-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/3484-1-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download