7df76a319373b547219b28e7222c97527bf6589ca2fa617e683517e98978d059

Analysis

max time kernel
140s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
01/02/2024, 18:12

Target

878c566de276df6679ec513a6450f4b2.exe
Size

185KB
MD5

878c566de276df6679ec513a6450f4b2
SHA1

f2034a88a23cc38d6bf6aa8faa9173bc6b715b50
SHA256

7df76a319373b547219b28e7222c97527bf6589ca2fa617e683517e98978d059
SHA512

7257d443497fb78933208f5ae61e969dcd0eb46478901b2666e7299e3a5bee2e5a40396dbf4a03d693bf0e416ab7ba8160b81ed31fa0b497e606d80fb25cc867
SSDEEP

3072:3k1qCmOEVlxJJLf8Lk8TpUjwIdunWQrHbMsKJDVHi+mvUQwKizTDLyn6OYBQfmzN:3k1ZmOgxJJ43dOdunX7MPJDVC+g6zjaG

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2724-1-0x0000000000400000-0x0000000000495000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
864	2724	WerFault.exe	1

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2724 wrote to memory of 864	2724	878c566de276df6679ec513a6450f4b2.exe	13
PID 2724 wrote to memory of 864	2724	878c566de276df6679ec513a6450f4b2.exe	13
PID 2724 wrote to memory of 864	2724	878c566de276df6679ec513a6450f4b2.exe	13
PID 2724 wrote to memory of 864	2724	878c566de276df6679ec513a6450f4b2.exe	13

C:\Users\Admin\AppData\Local\Temp\878c566de276df6679ec513a6450f4b2.exe
"C:\Users\Admin\AppData\Local\Temp\878c566de276df6679ec513a6450f4b2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2724
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 124
  2⤵
  - Program crash
  PID:864

memory/2724-0-0x0000000000240000-0x000000000026B000-memory.dmp

Filesize
172KB

Download
memory/2724-1-0x0000000000400000-0x0000000000495000-memory.dmp

Filesize
596KB

Download