22aededa8d5c755723250822f25eade2a7cd41d0d6c4aecfde63ba3d2aa62b85 | Triage

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
14/02/2024, 10:59

Sharing

Report Analysis Logs

General

Target

9b7f1f8a6582f6439e23a68454f2c3cd.exe
Size

700KB
MD5

9b7f1f8a6582f6439e23a68454f2c3cd
SHA1

72b5a4aa57cac928611d1a0b7206b0fa67519c4e
SHA256

22aededa8d5c755723250822f25eade2a7cd41d0d6c4aecfde63ba3d2aa62b85
SHA512

83dff6606ec68f3092010aa7274ac803998be81ffd977429f76bb0d71dee6e7e0eb20758f7de440291f590e00c75b6a5a26ae82b3af4df9b8d7c6b23cf707af5
SSDEEP

12288:fvKdI5jKfeRwx1n+B8JusHwxFyjS7YPtPJdU:3KdIFK2RwxVk2vHGy7lPJy

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2360-0-0x0000000000400000-0x0000000000536000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2392	2360	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2360 wrote to memory of 2392	2360	9b7f1f8a6582f6439e23a68454f2c3cd.exe	28
PID 2360 wrote to memory of 2392	2360	9b7f1f8a6582f6439e23a68454f2c3cd.exe	28
PID 2360 wrote to memory of 2392	2360	9b7f1f8a6582f6439e23a68454f2c3cd.exe	28
PID 2360 wrote to memory of 2392	2360	9b7f1f8a6582f6439e23a68454f2c3cd.exe	28

C:\Users\Admin\AppData\Local\Temp\9b7f1f8a6582f6439e23a68454f2c3cd.exe
"C:\Users\Admin\AppData\Local\Temp\9b7f1f8a6582f6439e23a68454f2c3cd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2360
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 92
  2⤵
  - Program crash
  PID:2392

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2360-0-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download