75e4875d6a22a1991f4ba86c4f4fd3a9f509f182b11a3ba5a81d614683f1f1d9

Analysis

max time kernel
122s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 18:41

Target

753aa809e9840a85d8cb724df65dd257.exe
Size

6KB
MD5

753aa809e9840a85d8cb724df65dd257
SHA1

2258d63d00ab55a124da4e476e9571f29ba1bb27
SHA256

75e4875d6a22a1991f4ba86c4f4fd3a9f509f182b11a3ba5a81d614683f1f1d9
SHA512

808a570ab5e11028110b4a621c1841aede87c81536550781942cf2c6f41af700b2d13c7232687ba756e8d2affab8083d4877bc039be417fbd3fce4d851d9f886
SSDEEP

96:kdJwLyfEQ9TwDd1m6iRa95C9IKYNOXqWjTLQ/RNVzYiiAJO5QRK35m:KffncbuaW9IKYEaWj41zYKJ1g5m

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1980-0-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral1/memory/1980-1-0x0000000000400000-0x000000000040F000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2804	1980	WerFault.exe	12

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1980 wrote to memory of 2804	1980	753aa809e9840a85d8cb724df65dd257.exe	28
PID 1980 wrote to memory of 2804	1980	753aa809e9840a85d8cb724df65dd257.exe	28
PID 1980 wrote to memory of 2804	1980	753aa809e9840a85d8cb724df65dd257.exe	28
PID 1980 wrote to memory of 2804	1980	753aa809e9840a85d8cb724df65dd257.exe	28

C:\Users\Admin\AppData\Local\Temp\753aa809e9840a85d8cb724df65dd257.exe
"C:\Users\Admin\AppData\Local\Temp\753aa809e9840a85d8cb724df65dd257.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1980
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 92
  2⤵
  - Program crash
  PID:2804

memory/1980-0-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/1980-1-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download