0f556796f860c48540489d172b5c79f01a7c928650dfaa198cb0490ed7276160

Analysis

max time kernel
141s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/03/2024, 06:51

Target

cac25f58bf61be3bef1f9948049e7431.exe
Size

120KB
MD5

cac25f58bf61be3bef1f9948049e7431
SHA1

8d503ec4e863b918455191dce2f11c3d3e5f85ff
SHA256

0f556796f860c48540489d172b5c79f01a7c928650dfaa198cb0490ed7276160
SHA512

2044437b4d45fe16634004e9bdb618859aa7d3994b9ce5070e0312b438ec3223d624e2384959a3901979786948c6fd8a0710f19bf047ee23246aa469154b9216
SSDEEP

1536:HJThIIX/Db1Xn7nUzyO9JxkVARHoRb0ZSZdCJgLeslhFboREkz3+sNhVL4Q8vC:HJt/9XbYy7VAe04isl/boRPb+sxoq

Score

7^/10

upx

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2356-1-0x0000000000400000-0x00000000004CD000-memory.dmp	upx
behavioral1/memory/2356-3-0x0000000000400000-0x00000000004CD000-memory.dmp	upx
behavioral1/memory/2356-4-0x0000000000400000-0x00000000004CD000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2088	2356	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2356 wrote to memory of 2088	2356	cac25f58bf61be3bef1f9948049e7431.exe	28
PID 2356 wrote to memory of 2088	2356	cac25f58bf61be3bef1f9948049e7431.exe	28
PID 2356 wrote to memory of 2088	2356	cac25f58bf61be3bef1f9948049e7431.exe	28
PID 2356 wrote to memory of 2088	2356	cac25f58bf61be3bef1f9948049e7431.exe	28

C:\Users\Admin\AppData\Local\Temp\cac25f58bf61be3bef1f9948049e7431.exe
"C:\Users\Admin\AppData\Local\Temp\cac25f58bf61be3bef1f9948049e7431.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2356
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 184
  2⤵
  - Program crash
  PID:2088

memory/2356-0-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/2356-1-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/2356-2-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2356-3-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/2356-4-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download