5d6c4eee2c72d0eb10b4bf1e56a30d22986a28938e08b198033cd361d4cdd76e

Analysis

max time kernel
141s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21-05-2024 15:20

Target

5d6c4eee2c72d0eb10b4bf1e56a30d22986a28938e08b198033cd361d4cdd76e.exe
Size

5.2MB
MD5

d4263375e93336eaf9e995fd9fb39c67
SHA1

9b41a491eba4201eb1c17098975075823e2a906b
SHA256

5d6c4eee2c72d0eb10b4bf1e56a30d22986a28938e08b198033cd361d4cdd76e
SHA512

72dc1300c734b794afd0e099e92fecf70f0498a088af6e601a639693a5603ac08094cd8dbb7fca73efb888430c918964a225c97b1bf97b1f79201e2800b6f9b7
SSDEEP

98304:T+S9bg8EB1vpptqlzD7Ns01MpkWoVMRuT7mGfVmH68leOq8:yMc8ELztkD7J7VLnmKVma8sP8

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral1/memory/1440-0-0x0000000000DC0000-0x0000000001844000-memory.dmp	upx

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2344 1440 WerFault.exe 5d6c4eee2c72d0eb10b4bf1e56a30d22986a28938e08b198033cd361d4cdd76e.exe

pid	pid_target	process	target process
2344	1440	WerFault.exe	5d6c4eee2c72d0eb10b4bf1e56a30d22986a28938e08b198033cd361d4cdd76e.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

5d6c4eee2c72d0eb10b4bf1e56a30d22986a28938e08b198033cd361d4cdd76e.exe

description	pid	process	target process
PID 1440 wrote to memory of 2344	1440	5d6c4eee2c72d0eb10b4bf1e56a30d22986a28938e08b198033cd361d4cdd76e.exe	WerFault.exe
PID 1440 wrote to memory of 2344	1440	5d6c4eee2c72d0eb10b4bf1e56a30d22986a28938e08b198033cd361d4cdd76e.exe	WerFault.exe
PID 1440 wrote to memory of 2344	1440	5d6c4eee2c72d0eb10b4bf1e56a30d22986a28938e08b198033cd361d4cdd76e.exe	WerFault.exe
PID 1440 wrote to memory of 2344	1440	5d6c4eee2c72d0eb10b4bf1e56a30d22986a28938e08b198033cd361d4cdd76e.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\5d6c4eee2c72d0eb10b4bf1e56a30d22986a28938e08b198033cd361d4cdd76e.exe
"C:\Users\Admin\AppData\Local\Temp\5d6c4eee2c72d0eb10b4bf1e56a30d22986a28938e08b198033cd361d4cdd76e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1440 -s 236
2⤵
- Program crash
PID:2344

memory/1440-0-0x0000000000DC0000-0x0000000001844000-memory.dmp

Filesize
10.5MB

Download