25460ce2aa92306fa6fa5013b21fddf8b3c91a051f6e375a409fa29d4345ddc3

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13-02-2024 13:57

Target

999832701e097b4df874fbb87f8b5493.exe
Size

180KB
MD5

999832701e097b4df874fbb87f8b5493
SHA1

23fc61c44059f3c8f39f1993c01fd137e742e7f3
SHA256

25460ce2aa92306fa6fa5013b21fddf8b3c91a051f6e375a409fa29d4345ddc3
SHA512

b1c00bda168de96345fa9c62ec5134f158885218427f796bec1295368e5cc9ea19eecc1f7880df9d378a2dfa6654e1afd002b0f6c0aa462f8017aa0235e2efb2
SSDEEP

3072:nkCilETaJMYe9zRkWX8GNwivYLZ0x3aktMdUKniHOD3XvrhaenrV:nkCF8Pe8u/YL2RM6uG4dlnrV

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2672-0-0x0000000001000000-0x0000000001056000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2860	2672	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2672 wrote to memory of 2860	2672	999832701e097b4df874fbb87f8b5493.exe	29
PID 2672 wrote to memory of 2860	2672	999832701e097b4df874fbb87f8b5493.exe	29
PID 2672 wrote to memory of 2860	2672	999832701e097b4df874fbb87f8b5493.exe	29
PID 2672 wrote to memory of 2860	2672	999832701e097b4df874fbb87f8b5493.exe	29

C:\Users\Admin\AppData\Local\Temp\999832701e097b4df874fbb87f8b5493.exe
"C:\Users\Admin\AppData\Local\Temp\999832701e097b4df874fbb87f8b5493.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2672
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 100
  2⤵
  - Program crash
  PID:2860

memory/2672-0-0x0000000001000000-0x0000000001056000-memory.dmp

Filesize
344KB

Download