1e6588f131021ab0e3f1ee5d7cd52f5ff3c20f38e751fad9ba069a0a9f075d33 | Triage

Analysis

max time kernel
141s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/01/2024, 06:26

Sharing

Report Analysis Logs

General

Target

7f1ea919dd0c001ef1845ba2dfee8836.exe
Size

18KB
MD5

7f1ea919dd0c001ef1845ba2dfee8836
SHA1

9d56c5dcf6a793670eda1970c4eb77de0d914130
SHA256

1e6588f131021ab0e3f1ee5d7cd52f5ff3c20f38e751fad9ba069a0a9f075d33
SHA512

7cb2af6281763179759720c00932dbd1e859d84c114b1c62b73a28bcfe62be160ec4ea35ca6597bfd3b6f5415b8f064c25208b410deacf40d9181a5800f26a57
SSDEEP

384:zgFgjEMA5GFHiug9J/tWp5CUq7oWb8IYqx2uJ9D:E0VHfp5+J8ZMJF

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1044-0-0x0000000000400000-0x000000000040F000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1920	1044	WerFault.exe	18

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1044 wrote to memory of 1920	1044	7f1ea919dd0c001ef1845ba2dfee8836.exe	28
PID 1044 wrote to memory of 1920	1044	7f1ea919dd0c001ef1845ba2dfee8836.exe	28
PID 1044 wrote to memory of 1920	1044	7f1ea919dd0c001ef1845ba2dfee8836.exe	28
PID 1044 wrote to memory of 1920	1044	7f1ea919dd0c001ef1845ba2dfee8836.exe	28

C:\Users\Admin\AppData\Local\Temp\7f1ea919dd0c001ef1845ba2dfee8836.exe
"C:\Users\Admin\AppData\Local\Temp\7f1ea919dd0c001ef1845ba2dfee8836.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1044
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 80
  2⤵
  - Program crash
  PID:1920

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1044-0-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download