57ca98c6ff1ac6e0947f4a1096b832864f7b30d7b5fe8003711af54a608dc743

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
20/03/2024, 02:00

Target

d7a0177e08c1a392a7a24c1998ba7880.exe
Size

226KB
MD5

d7a0177e08c1a392a7a24c1998ba7880
SHA1

6c6c14dcbf9a4e82d83c98c5a130bb33f7ae11c3
SHA256

57ca98c6ff1ac6e0947f4a1096b832864f7b30d7b5fe8003711af54a608dc743
SHA512

c456a7a4b4e7c694947506c07f854427dadda28e13af3ec75d99041898f74c1b857c0244b12c7a8dbf48a1926097ae1d71fab512dd46a0fe55315017157cc3b7
SSDEEP

6144:OhoL6F0sKejaaYwntDaDR83MAYQsdHSlIab/rPWVtNL:OhoOF0sKn8tGN83gQsdb0jWVr

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2892-0-0x0000000000400000-0x000000000046E000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2784	2892	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2892 wrote to memory of 2784	2892	d7a0177e08c1a392a7a24c1998ba7880.exe	28
PID 2892 wrote to memory of 2784	2892	d7a0177e08c1a392a7a24c1998ba7880.exe	28
PID 2892 wrote to memory of 2784	2892	d7a0177e08c1a392a7a24c1998ba7880.exe	28
PID 2892 wrote to memory of 2784	2892	d7a0177e08c1a392a7a24c1998ba7880.exe	28

C:\Users\Admin\AppData\Local\Temp\d7a0177e08c1a392a7a24c1998ba7880.exe
"C:\Users\Admin\AppData\Local\Temp\d7a0177e08c1a392a7a24c1998ba7880.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2892
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 88
  2⤵
  - Program crash
  PID:2784

memory/2892-0-0x0000000000400000-0x000000000046E000-memory.dmp

Filesize
440KB

Download