14da132222ad2b8b8636521e946b7ac893be11d833b17b90ca4b49f26312079d

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
07/03/2024, 23:41

Target

b9f565cbb4415cae29a9b116ae59db9f.exe
Size

19KB
MD5

b9f565cbb4415cae29a9b116ae59db9f
SHA1

7f30f8a69ec36bfc7f5cb0a9a6f0e2f875fc8999
SHA256

14da132222ad2b8b8636521e946b7ac893be11d833b17b90ca4b49f26312079d
SHA512

c06a04aee14fcca86a0971b2e8a912ed086c0c91f08ef8ebd1410e9972434d9a6ce52b50b26f83a7958dae00d10e5b542fd686d9b4ae1a5d9edab46e412a7467
SSDEEP

384:/TrAvcH2VUkCH6sk7E0fuEkBe1de1CDyORma0+rGgEjmZEyjRPhW:/fAxVUXask5uEkB4w2ya08G/61fW

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2768-0-0x0000000000400000-0x0000000000408000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1856	2768	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2768 wrote to memory of 1856	2768	b9f565cbb4415cae29a9b116ae59db9f.exe	28
PID 2768 wrote to memory of 1856	2768	b9f565cbb4415cae29a9b116ae59db9f.exe	28
PID 2768 wrote to memory of 1856	2768	b9f565cbb4415cae29a9b116ae59db9f.exe	28
PID 2768 wrote to memory of 1856	2768	b9f565cbb4415cae29a9b116ae59db9f.exe	28

C:\Users\Admin\AppData\Local\Temp\b9f565cbb4415cae29a9b116ae59db9f.exe
"C:\Users\Admin\AppData\Local\Temp\b9f565cbb4415cae29a9b116ae59db9f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2768
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 36
  2⤵
  - Program crash
  PID:1856

memory/2768-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download