fdab9525cb89f75a156b471a0f010698f696f9f31ea27109087e2ff6a98d1c9c | Triage

Analysis

max time kernel
141s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/03/2024, 18:30

Sharing

Report Analysis Logs

General

Target

cc1ec38432f1b8fe03d8004557c0e7e0.exe
Size

16KB
MD5

cc1ec38432f1b8fe03d8004557c0e7e0
SHA1

df2d4e61f97c1636d5a0ebb47ed3a1b5f8cf1633
SHA256

fdab9525cb89f75a156b471a0f010698f696f9f31ea27109087e2ff6a98d1c9c
SHA512

f5ba569ad09c5dc68c54325cad3005c8ad0c20d3ea9838c074a9a477bbecd9548f8f9b943279090633f135a06cb9b5484a3b4c68b2196eb4e24ded0ecbffb4a7
SSDEEP

384:4gCBMnA8Cz75RR86I3jNuWv42yBT1x2HYH5hHIlWr:GBQA1nR8LjNuWv6Bf8YZ9x

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2008-2-0x000000000FA10000-0x000000000FA1F000-memory.dmp	upx
behavioral1/memory/2008-1-0x000000000FA10000-0x000000000FA1F000-memory.dmp	upx
behavioral1/memory/2008-3-0x000000000FA10000-0x000000000FA1F000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2312	2008	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2008 wrote to memory of 2312	2008	cc1ec38432f1b8fe03d8004557c0e7e0.exe	28
PID 2008 wrote to memory of 2312	2008	cc1ec38432f1b8fe03d8004557c0e7e0.exe	28
PID 2008 wrote to memory of 2312	2008	cc1ec38432f1b8fe03d8004557c0e7e0.exe	28
PID 2008 wrote to memory of 2312	2008	cc1ec38432f1b8fe03d8004557c0e7e0.exe	28

C:\Users\Admin\AppData\Local\Temp\cc1ec38432f1b8fe03d8004557c0e7e0.exe
"C:\Users\Admin\AppData\Local\Temp\cc1ec38432f1b8fe03d8004557c0e7e0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2008
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 36
  2⤵
  - Program crash
  PID:2312

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2008-2-0x000000000FA10000-0x000000000FA1F000-memory.dmp

Filesize
60KB

Download
memory/2008-1-0x000000000FA10000-0x000000000FA1F000-memory.dmp

Filesize
60KB

Download
memory/2008-3-0x000000000FA10000-0x000000000FA1F000-memory.dmp

Filesize
60KB

Download