8dada1d4391947c366762794313a8675e7e7831d6117a5fedb02932bcb2fe8c9

Analysis

max time kernel
140s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11/03/2024, 05:09

Target

bfec3afabeadbb1920df8ede6c4b5ceb.exe
Size

134KB
MD5

bfec3afabeadbb1920df8ede6c4b5ceb
SHA1

176f67bd9f5a253df5cc06f7bf9ac2ea09eb63dc
SHA256

8dada1d4391947c366762794313a8675e7e7831d6117a5fedb02932bcb2fe8c9
SHA512

36622f84ff6372bb7605bb3136fb839089025aaa237dde44380bbd7a4c831cf2d923315ee3b7cdda33471cbc450835c82214d4049265e4992632b3fc5fcc19b0
SSDEEP

1536:XiAbBGLfcZq5pgTJA/MjE9Yqmk8Xmfao2CvwGYxPgeDMv:X5bBGLEZ4pSA/WuYwfapCIGYxIeY

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2420-0-0x0000000013150000-0x0000000013193000-memory.dmp	upx
behavioral1/memory/2420-1-0x0000000013150000-0x0000000013193000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1400	2420	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2420 wrote to memory of 1400	2420	bfec3afabeadbb1920df8ede6c4b5ceb.exe	28
PID 2420 wrote to memory of 1400	2420	bfec3afabeadbb1920df8ede6c4b5ceb.exe	28
PID 2420 wrote to memory of 1400	2420	bfec3afabeadbb1920df8ede6c4b5ceb.exe	28
PID 2420 wrote to memory of 1400	2420	bfec3afabeadbb1920df8ede6c4b5ceb.exe	28

C:\Users\Admin\AppData\Local\Temp\bfec3afabeadbb1920df8ede6c4b5ceb.exe
"C:\Users\Admin\AppData\Local\Temp\bfec3afabeadbb1920df8ede6c4b5ceb.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2420
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 148
  2⤵
  - Program crash
  PID:1400

memory/2420-0-0x0000000013150000-0x0000000013193000-memory.dmp

Filesize
268KB

Download
memory/2420-1-0x0000000013150000-0x0000000013193000-memory.dmp

Filesize
268KB

Download