21aa906f481094ab7be14e7aa0ef715207999f1d02a02d6d6323165515cb8735

Analysis

max time kernel
141s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01/02/2024, 16:26

Target

875ac72dc56a7434d2ca402fd57382ae.exe
Size

161KB
MD5

875ac72dc56a7434d2ca402fd57382ae
SHA1

d9e2243a5bf5c3966e0a3b815d70781756b5f476
SHA256

21aa906f481094ab7be14e7aa0ef715207999f1d02a02d6d6323165515cb8735
SHA512

03fdce26b9dc10cf5401a617389964614e9d50fac8778f8009fe82fe33b7ded6b462b25a6e0e31a089c4e54dbfbd2093d2041d267199ea654ca01c0b477d4c7d
SSDEEP

1536:/aMmKEB9SeVOkNV9qpAUY539HpWwmgNkww5lx5lvLvEWgDAgvWSrSB:x29xzP53PWwnzelxEA8rSB

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1712-0-0x0000000000400000-0x0000000000476000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1936	1712	WerFault.exe	19

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1712 wrote to memory of 1936	1712	875ac72dc56a7434d2ca402fd57382ae.exe	28
PID 1712 wrote to memory of 1936	1712	875ac72dc56a7434d2ca402fd57382ae.exe	28
PID 1712 wrote to memory of 1936	1712	875ac72dc56a7434d2ca402fd57382ae.exe	28
PID 1712 wrote to memory of 1936	1712	875ac72dc56a7434d2ca402fd57382ae.exe	28

C:\Users\Admin\AppData\Local\Temp\875ac72dc56a7434d2ca402fd57382ae.exe
"C:\Users\Admin\AppData\Local\Temp\875ac72dc56a7434d2ca402fd57382ae.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1712
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 36
  2⤵
  - Program crash
  PID:1936

memory/1712-0-0x0000000000400000-0x0000000000476000-memory.dmp

Filesize
472KB

Download