62ac4225389ac37741e2d6aea38f600d0059b095bd96644c2e383d3616c5fd7f | Triage

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/01/2024, 13:59

Sharing

Report Analysis Logs

General

Target

8002f8d4e97aa6ed5d4749e4789e7c8d.exe
Size

25KB
MD5

8002f8d4e97aa6ed5d4749e4789e7c8d
SHA1

5a8db1914d23e39e824fdd6051e3af358d663fdf
SHA256

62ac4225389ac37741e2d6aea38f600d0059b095bd96644c2e383d3616c5fd7f
SHA512

414cf7660926827ce8a407e1619da94ad18d14616ca16263f592241a82b902bdedae669f63b8d9cea6809da7c62449c49e0014865dbdb4ea01d544c667d1ce39
SSDEEP

768:Ys+TtltG7sNnjpJIeLPQuBcD5Xb12y2n72AT22k:U9Vj8eDQTD5XhJW32

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2176-0-0x0000000013140000-0x000000001317D000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2116	2176	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2176 wrote to memory of 2116	2176	8002f8d4e97aa6ed5d4749e4789e7c8d.exe	28
PID 2176 wrote to memory of 2116	2176	8002f8d4e97aa6ed5d4749e4789e7c8d.exe	28
PID 2176 wrote to memory of 2116	2176	8002f8d4e97aa6ed5d4749e4789e7c8d.exe	28
PID 2176 wrote to memory of 2116	2176	8002f8d4e97aa6ed5d4749e4789e7c8d.exe	28

C:\Users\Admin\AppData\Local\Temp\8002f8d4e97aa6ed5d4749e4789e7c8d.exe
"C:\Users\Admin\AppData\Local\Temp\8002f8d4e97aa6ed5d4749e4789e7c8d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2176
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 36
  2⤵
  - Program crash
  PID:2116

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2176-0-0x0000000013140000-0x000000001317D000-memory.dmp

Filesize
244KB

Download