7a77afdf9a0ab8a195aa85968828d1ac657f31b3e727bddaf2f904efef70fb4e

Analysis

max time kernel
140s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24/02/2024, 10:56

Target

a1b1492532c494d335cdf8e7cfd0b9de.exe
Size

53KB
MD5

a1b1492532c494d335cdf8e7cfd0b9de
SHA1

25fd9abee75dd617251182e092942a3e7aac2e3a
SHA256

7a77afdf9a0ab8a195aa85968828d1ac657f31b3e727bddaf2f904efef70fb4e
SHA512

1b03c321bd17254e6398764103420aaadf09737c1dd584c8bde4b441ecb572fb5ce2e4303d91535cfbd8c588d63337963e1ca518371b4b25d12e558b77d46a39
SSDEEP

768:Zhev+Cfoy66DiOTZ0zWnTk+3q390Yuw1GJ7a0zJopCixbRwqbOfMprHb78nUGb7W:qboCVTZ0+Ts+hc0mgfi/vG/Q8Bwp

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2032-0-0x0000000000400000-0x0000000000412000-memory.dmp	upx
behavioral1/memory/2032-1-0x0000000000400000-0x0000000000412000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1112	2032	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2032 wrote to memory of 1112	2032	a1b1492532c494d335cdf8e7cfd0b9de.exe	28
PID 2032 wrote to memory of 1112	2032	a1b1492532c494d335cdf8e7cfd0b9de.exe	28
PID 2032 wrote to memory of 1112	2032	a1b1492532c494d335cdf8e7cfd0b9de.exe	28
PID 2032 wrote to memory of 1112	2032	a1b1492532c494d335cdf8e7cfd0b9de.exe	28

C:\Users\Admin\AppData\Local\Temp\a1b1492532c494d335cdf8e7cfd0b9de.exe
"C:\Users\Admin\AppData\Local\Temp\a1b1492532c494d335cdf8e7cfd0b9de.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2032
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 88
  2⤵
  - Program crash
  PID:1112

memory/2032-0-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/2032-1-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download