039c0727db98c572d85f57ae05bf01818ee31fe9ee3e4b174ac86524974a85f6

Analysis

max time kernel
141s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28-01-2024 21:29

Target

7e0cec157bb5bd14f0ca529c1faa0e44.exe
Size

17KB
MD5

7e0cec157bb5bd14f0ca529c1faa0e44
SHA1

44697889edc1abe5b8812c8e2d6ac6368058496b
SHA256

039c0727db98c572d85f57ae05bf01818ee31fe9ee3e4b174ac86524974a85f6
SHA512

2d230d309dbcbe0dffee0a192060d9340074919f0d3b895cf8d2640cc788f35b1162c17ebd21dcfc3509d6889ac4f8af9f3fb32c8e706ed034f6c854f41b8447
SSDEEP

384:WXxRj94hXGdbGvHRK+LFpPO2abLLTIYIflu1gKDQ9ecUI:IbxoGdwK+TG5Lk6gKDQ8c

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2132-0-0x0000000000400000-0x0000000000410000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2208	2132	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2132 wrote to memory of 2208	2132	7e0cec157bb5bd14f0ca529c1faa0e44.exe	28
PID 2132 wrote to memory of 2208	2132	7e0cec157bb5bd14f0ca529c1faa0e44.exe	28
PID 2132 wrote to memory of 2208	2132	7e0cec157bb5bd14f0ca529c1faa0e44.exe	28
PID 2132 wrote to memory of 2208	2132	7e0cec157bb5bd14f0ca529c1faa0e44.exe	28

C:\Users\Admin\AppData\Local\Temp\7e0cec157bb5bd14f0ca529c1faa0e44.exe
"C:\Users\Admin\AppData\Local\Temp\7e0cec157bb5bd14f0ca529c1faa0e44.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2132
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 68
  2⤵
  - Program crash
  PID:2208

memory/2132-0-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download