2fc3c26f35de5edfec2d004fd57c85c561515ed6053250644e494ca1ecb32f71

Analysis

max time kernel
140s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07/03/2024, 21:32

Target

b9b557e96155afe08fd92d274cf064e2.exe
Size

11KB
MD5

b9b557e96155afe08fd92d274cf064e2
SHA1

8c0df27bab74c94c0bdf369b9f7a591ccf32a74c
SHA256

2fc3c26f35de5edfec2d004fd57c85c561515ed6053250644e494ca1ecb32f71
SHA512

319c2c4f01bd1e14153188589dce1c37ba35d17d20356c2bdc00ec99f7bb2defceca5adc3fff3a0061ad3c9cfdd4bfcce171ed0a407904d400fdb61aa7202f70
SSDEEP

192:Z2+dWN7hhxWVOXbModQHehXcPHxhCE0DOdxOZtbyArzWEIzB:ZGuAMsZevNK8x8trzWEIzB

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2512-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/memory/2512-1-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2756	2512	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2512 wrote to memory of 2756	2512	b9b557e96155afe08fd92d274cf064e2.exe	28
PID 2512 wrote to memory of 2756	2512	b9b557e96155afe08fd92d274cf064e2.exe	28
PID 2512 wrote to memory of 2756	2512	b9b557e96155afe08fd92d274cf064e2.exe	28
PID 2512 wrote to memory of 2756	2512	b9b557e96155afe08fd92d274cf064e2.exe	28

C:\Users\Admin\AppData\Local\Temp\b9b557e96155afe08fd92d274cf064e2.exe
"C:\Users\Admin\AppData\Local\Temp\b9b557e96155afe08fd92d274cf064e2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2512
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 148
  2⤵
  - Program crash
  PID:2756

memory/2512-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2512-1-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download