7e03c7dcef3418dc78acd0eeaceb3cf12df49164b8c4f1f9edfe694db058501f

Analysis

max time kernel
141s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/03/2024, 22:45

Target

c1cc23571c357039d9683c4c309b8fbf.exe
Size

201KB
MD5

c1cc23571c357039d9683c4c309b8fbf
SHA1

e8c55bd85cc0576bdf72cc2cd4ae1ef81248525d
SHA256

7e03c7dcef3418dc78acd0eeaceb3cf12df49164b8c4f1f9edfe694db058501f
SHA512

d87116e71e1fc69d68a75cf5b4f4fef3726ca5b923eb2e5c1ca885be33f3a3c2d7aa05334ab9202104b5ff924970cbfbc88766367adee0c7259c4879c2d84d8a
SSDEEP

3072:Yt7PnpFZ5HhBxOWjcP5v90Ny+nN9rii/it/t9fOkDjQyox4qp0nwfKnqex:YtzZ/YD0Ny+zei/FkPQyoKqpRKqe

Score

7^/10

upx

Executes dropped EXE 1 IoCs

pid	Process
2724	Java.exe

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3564-0-0x0000000000400000-0x0000000000496000-memory.dmp	upx
behavioral2/files/0x000800000002324e-4.dat	upx
behavioral2/memory/3564-6-0x0000000000400000-0x0000000000496000-memory.dmp	upx
behavioral2/memory/2724-7-0x0000000000400000-0x0000000000496000-memory.dmp	upx
behavioral2/files/0x000800000002324e-5.dat	upx
behavioral2/memory/3564-9-0x0000000000400000-0x0000000000496000-memory.dmp	upx
behavioral2/memory/2724-10-0x0000000000400000-0x0000000000496000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1132	2724	WerFault.exe	100

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 3564 wrote to memory of 1240	3564	c1cc23571c357039d9683c4c309b8fbf.exe	98
PID 3564 wrote to memory of 1240	3564	c1cc23571c357039d9683c4c309b8fbf.exe	98
PID 3564 wrote to memory of 1240	3564	c1cc23571c357039d9683c4c309b8fbf.exe	98
PID 3564 wrote to memory of 2724	3564	c1cc23571c357039d9683c4c309b8fbf.exe	100
PID 3564 wrote to memory of 2724	3564	c1cc23571c357039d9683c4c309b8fbf.exe	100
PID 3564 wrote to memory of 2724	3564	c1cc23571c357039d9683c4c309b8fbf.exe	100
PID 2724 wrote to memory of 4504	2724	Java.exe	101
PID 2724 wrote to memory of 4504	2724	Java.exe	101
PID 2724 wrote to memory of 4504	2724	Java.exe	101
PID 1240 wrote to memory of 544	1240	net.exe	103
PID 1240 wrote to memory of 544	1240	net.exe	103
PID 1240 wrote to memory of 544	1240	net.exe	103
PID 4504 wrote to memory of 4184	4504	net.exe	104
PID 4504 wrote to memory of 4184	4504	net.exe	104
PID 4504 wrote to memory of 4184	4504	net.exe	104

C:\Users\Admin\AppData\Local\Temp\c1cc23571c357039d9683c4c309b8fbf.exe
"C:\Users\Admin\AppData\Local\Temp\c1cc23571c357039d9683c4c309b8fbf.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3564
- C:\Windows\SysWOW64\net.exe
  net stop SharedAccess
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1240
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop SharedAccess
    3⤵
    PID:544
- C:\Arquivos de programas\Arquivos comuns\Java.exe
  "C:\Arquivos de programas\Arquivos comuns\Java.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:2724
- - C:\Windows\SysWOW64\net.exe
    net stop SharedAccess
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4504
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 stop SharedAccess
      4⤵
      PID:4184
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 776
    3⤵
    - Program crash
    PID:1132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2724 -ip 2724
1⤵
PID:3904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4012 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:8
1⤵
PID:3844

C:\Arquivos de Programas\Arquivos comuns\Java.exe

Filesize
2KB

MD5
8530335530ce146f0844d946718c7209

SHA1
b4e3009dca465a6e5b873c82f9e6669aabea0e33

SHA256
43e96a66321a0329cebe175066de451c5219301e49f44edbaaddabbe33c723fa

SHA512
ae83a248fe04837de1ce5aeba79caca88e9657b0726782b334f56aa1a550aab3f4c98e1688db9353aa5e601422009cb928e690e6f3102975334ee2edeb8f60e1

Download Submit
C:\Arquivos de programas\Arquivos comuns\Java.exe

Filesize
106KB

MD5
45bc1eca1a4e5db52d8866c647c6c4c2

SHA1
f417bead1439aeb83a3f52f021f437d14c4d0fb9

SHA256
490dfcca41dab254955007590421d854029405444f6e3a6d239efb122e499437

SHA512
87bdcf53436a47e35b9c9039bce8224b8d8bdde43372ee28f6c23f35f88acf1416746e71a612653efb4761eca20c3431a789b2606a4017c19105be4de9c3628b

Download Submit
memory/2724-8-0x0000000000650000-0x0000000000651000-memory.dmp

Filesize
4KB

Download
memory/2724-7-0x0000000000400000-0x0000000000496000-memory.dmp

Filesize
600KB

Download
memory/2724-10-0x0000000000400000-0x0000000000496000-memory.dmp

Filesize
600KB

Download
memory/3564-0-0x0000000000400000-0x0000000000496000-memory.dmp

Filesize
600KB

Download
memory/3564-1-0x0000000002340000-0x0000000002341000-memory.dmp

Filesize
4KB

Download
memory/3564-6-0x0000000000400000-0x0000000000496000-memory.dmp

Filesize
600KB

Download
memory/3564-9-0x0000000000400000-0x0000000000496000-memory.dmp

Filesize
600KB

Download