cd1eeb8935161dd8418e344bc1e1de0ea10c84605a5dbbc72900b56a8ddb937f

Analysis

max time kernel
140s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
09/07/2024, 05:14

Target

cd1eeb8935161dd8418e344bc1e1de0ea10c84605a5dbbc72900b56a8ddb937f.exe
Size

786KB
MD5

a94a191acc6da90ad016261f00fe2342
SHA1

42a849b694140a619c527eeee4346281ec5273b2
SHA256

cd1eeb8935161dd8418e344bc1e1de0ea10c84605a5dbbc72900b56a8ddb937f
SHA512

0dbe071c687b8d974eef0daccf97e3b79bf5f0d3dc05bf0df477858eec0f0c944e5fb2d893e1abb730f6c1f013fef782053685075fea6220f35de2ea2638156d
SSDEEP

12288:RGCq5mWm6F2KatSSuDTBYKgUaDVJj/9Si4KdEncueifML5PntWWSvvIH:WpbnSwTZgrDVJr93PueeMLzYvv

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2404-0-0x000000013F3B0000-0x000000013F532000-memory.dmp	upx
behavioral1/memory/2404-1-0x000000013F3B0000-0x000000013F532000-memory.dmp	upx

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2404	cd1eeb8935161dd8418e344bc1e1de0ea10c84605a5dbbc72900b56a8ddb937f.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2404 wrote to memory of 1736	2404	cd1eeb8935161dd8418e344bc1e1de0ea10c84605a5dbbc72900b56a8ddb937f.exe	31
PID 2404 wrote to memory of 1736	2404	cd1eeb8935161dd8418e344bc1e1de0ea10c84605a5dbbc72900b56a8ddb937f.exe	31
PID 2404 wrote to memory of 1736	2404	cd1eeb8935161dd8418e344bc1e1de0ea10c84605a5dbbc72900b56a8ddb937f.exe	31

C:\Users\Admin\AppData\Local\Temp\cd1eeb8935161dd8418e344bc1e1de0ea10c84605a5dbbc72900b56a8ddb937f.exe
"C:\Users\Admin\AppData\Local\Temp\cd1eeb8935161dd8418e344bc1e1de0ea10c84605a5dbbc72900b56a8ddb937f.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2404
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2404 -s 244
  2⤵
  PID:1736

memory/2404-0-0x000000013F3B0000-0x000000013F532000-memory.dmp

Filesize
1.5MB

Download
memory/2404-1-0x000000013F3B0000-0x000000013F532000-memory.dmp

Filesize
1.5MB

Download