e49ccd5108b8a88f359d9ddcb7bf8250a6995a5faa7eafb3a5f283f037aa4736

Analysis

max time kernel
140s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
13/03/2024, 04:22

Target

c4f5b8fb117ec3ca8cd9a25da958608a.exe
Size

143KB
MD5

c4f5b8fb117ec3ca8cd9a25da958608a
SHA1

156e14bfdb186add1fcc89d207f77e1a005c4870
SHA256

e49ccd5108b8a88f359d9ddcb7bf8250a6995a5faa7eafb3a5f283f037aa4736
SHA512

5714a0576d1fe74db3279db6021d53d1663307d5c91a4ff3253178d69ca9f3f451378f845cee6ef14f0923f877c8e88175a0b1d2eb7e56589cdfbb2b3b10e0a9
SSDEEP

3072:0leoms0qZfY/ECdmgqSR6xSd2tLYITwVLXhyl4ik7cjwsu12R4+6:0lepog/Eo8pYITo1w4ik7k5Fq+

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/3040-0-0x0000000000400000-0x000000000042E000-memory.dmp	upx
behavioral1/memory/3040-1-0x0000000000400000-0x000000000042E000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2040	3040	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3040 wrote to memory of 2040	3040	c4f5b8fb117ec3ca8cd9a25da958608a.exe	28
PID 3040 wrote to memory of 2040	3040	c4f5b8fb117ec3ca8cd9a25da958608a.exe	28
PID 3040 wrote to memory of 2040	3040	c4f5b8fb117ec3ca8cd9a25da958608a.exe	28
PID 3040 wrote to memory of 2040	3040	c4f5b8fb117ec3ca8cd9a25da958608a.exe	28

C:\Users\Admin\AppData\Local\Temp\c4f5b8fb117ec3ca8cd9a25da958608a.exe
"C:\Users\Admin\AppData\Local\Temp\c4f5b8fb117ec3ca8cd9a25da958608a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3040
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 144
  2⤵
  - Program crash
  PID:2040

memory/3040-0-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3040-1-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download