422cd9a21b15f91fd2da62799c5331cb410eaa94804d53e68bfa23a2ea5dc3ae

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
12/03/2024, 10:12

Target

c319f9b378303b4563f036816c222a71.exe
Size

171KB
MD5

c319f9b378303b4563f036816c222a71
SHA1

8e843bc582cf80f30ee1b4203aaef9005c0eddd0
SHA256

422cd9a21b15f91fd2da62799c5331cb410eaa94804d53e68bfa23a2ea5dc3ae
SHA512

e7125de8f1d7da055c7c5856d8948eb208b2cb87f571db2050f4d7d2cdc2e7b5f015b2528fb388cad3af838334438ebc71cb2afe037e02059906717115906a0c
SSDEEP

1536:ZrmjXb1r0y+dmcSi/4tHf1Q8/PN/PtzjxTlpW1dC7niVDgq6/f1hwjD1vfknPD:Bmf1Y5tyHC0BFzRYCO9164jD1vfE

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/3016-0-0x0000000000400000-0x000000000042C000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1820	3016	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3016 wrote to memory of 1820	3016	c319f9b378303b4563f036816c222a71.exe	28
PID 3016 wrote to memory of 1820	3016	c319f9b378303b4563f036816c222a71.exe	28
PID 3016 wrote to memory of 1820	3016	c319f9b378303b4563f036816c222a71.exe	28
PID 3016 wrote to memory of 1820	3016	c319f9b378303b4563f036816c222a71.exe	28

C:\Users\Admin\AppData\Local\Temp\c319f9b378303b4563f036816c222a71.exe
"C:\Users\Admin\AppData\Local\Temp\c319f9b378303b4563f036816c222a71.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3016
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 96
  2⤵
  - Program crash
  PID:1820

memory/3016-0-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download