7a7bbb73651048957425b95c530ffd1c1c6bddfb9e19bdc5177e74bf7ae46a9b

Analysis

max time kernel
92s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
14/02/2024, 14:38

Target

9befcd2b9142494022320146a285a67b.exe
Size

22KB
MD5

9befcd2b9142494022320146a285a67b
SHA1

5d42037b8b99391a00ded41740eaf28d598b4e52
SHA256

7a7bbb73651048957425b95c530ffd1c1c6bddfb9e19bdc5177e74bf7ae46a9b
SHA512

9601c2269c0e89810a6eff2e29658ed75f04319cd01ae2d92f4246af8b7bde4e9f687c9acd59b115f53f7777fff8f029e070caf8f1bbaae167d7e228937af281
SSDEEP

384:s1Gg/ZS0WW8+TM+FpPnP9/DbkC0blLebbHteLT81d+FvfwAWp9pESnaNJawcudoG:yZz8+wOl/DbQ9ebbHgY1OwZBanbcuyDi

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/664-0-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral2/memory/664-14-0x0000000000400000-0x0000000000410000-memory.dmp	upx

Drops file in System32 directory 8 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\1010.ocx	9befcd2b9142494022320146a285a67b.exe
File opened for modification	C:\Windows\SysWOW64\ddr010.ocx	9befcd2b9142494022320146a285a67b.exe
File created	C:\Windows\SysWOW64\ddr010.ocx	9befcd2b9142494022320146a285a67b.exe
File created	C:\Windows\SysWOW64\New.dll	9befcd2b9142494022320146a285a67b.exe
File opened for modification	C:\Windows\SysWOW64\New.dll	9befcd2b9142494022320146a285a67b.exe
File created	C:\Windows\SysWOW64\dsound.dll.240603546	9befcd2b9142494022320146a285a67b.exe
File opened for modification	C:\Windows\SysWOW64\dsound.dll.240603546	9befcd2b9142494022320146a285a67b.exe
File opened for modification	C:\Windows\SysWOW64\1010.ocx	9befcd2b9142494022320146a285a67b.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2356	664	WerFault.exe	83

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
664	9befcd2b9142494022320146a285a67b.exe
664	9befcd2b9142494022320146a285a67b.exe

C:\Users\Admin\AppData\Local\Temp\9befcd2b9142494022320146a285a67b.exe
"C:\Users\Admin\AppData\Local\Temp\9befcd2b9142494022320146a285a67b.exe"
1⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
PID:664
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 664 -s 368
  2⤵
  - Program crash
  PID:2356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 664 -ip 664
1⤵
PID:3632

C:\Users\Admin\AppData\Local\Temp\.data2

Filesize
483KB

MD5
c0a9b9323c93aab9e88404a82ea4b972

SHA1
a1b0f874c9c7420c108a96cef84f9652c5dccc9c

SHA256
7613aadae7224cd760def1d8891531ebe542e155ca334673976995700770d72a

SHA512
fd72873ad6ef3dbd6db43883836cdcbaa050d3d5c4a1a9516ee5ddc486062f76541800ca022f6574776fe931b3e08fcf169e3ef96c808dafbd6b9781951ddb94

Download Submit
memory/664-0-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/664-14-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download