9bd03e9d9382ddac91f9776f222b2f4c21e8f6a2d0d6825eaec3007c353566d4 | Triage

Analysis

max time kernel
140s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28-02-2024 23:03

Sharing

Report Analysis Logs

General

Target

ad15e06fbd085d1defdc80845925d236.exe
Size

5KB
MD5

ad15e06fbd085d1defdc80845925d236
SHA1

0e83b32e5b2e20856465f63e03c1bbc8e03c1676
SHA256

9bd03e9d9382ddac91f9776f222b2f4c21e8f6a2d0d6825eaec3007c353566d4
SHA512

6c9e5c8f2453ace4eb7ec191fecd84337f1964cd53a6891ca457e5bc6db2cf96070e10c2da0732939d3329b03601779ae65c2922162630faf54f47fc5e6efb11
SSDEEP

96:Iin2VK7IsjOzkmP5ZwKpCjDwNP3T9HqAA:hn2VKizkYge6DwBDgAA

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1132-0-0x0000000000400000-0x0000000000406000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2016	1132	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1132 wrote to memory of 2016	1132	ad15e06fbd085d1defdc80845925d236.exe	28
PID 1132 wrote to memory of 2016	1132	ad15e06fbd085d1defdc80845925d236.exe	28
PID 1132 wrote to memory of 2016	1132	ad15e06fbd085d1defdc80845925d236.exe	28
PID 1132 wrote to memory of 2016	1132	ad15e06fbd085d1defdc80845925d236.exe	28

C:\Users\Admin\AppData\Local\Temp\ad15e06fbd085d1defdc80845925d236.exe
"C:\Users\Admin\AppData\Local\Temp\ad15e06fbd085d1defdc80845925d236.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1132
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1132 -s 36
  2⤵
  - Program crash
  PID:2016

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1132-0-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download