08f4158081aa195d773f0caa8a2518f8936d8c66a825902a588808a00f86fab6

Analysis

max time kernel
110s
max time network
21s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
23/07/2024, 20:53

Target

09035ec9d551214692cda6c4de796e90N.exe
Size

653KB
MD5

09035ec9d551214692cda6c4de796e90
SHA1

5fe5fa5fa3e5ed3aeac9eacad09c26571821015b
SHA256

08f4158081aa195d773f0caa8a2518f8936d8c66a825902a588808a00f86fab6
SHA512

32272f1e515087630c27df5e02ece3cbc83b897f4b98ad8083af53efd3fd9fe36dc635aaabce9b09251bd0305a5d83f980893ee0ef22151c0655290d6c5304b8
SSDEEP

12288:Q3ggq6MaimNk28Rz17yJRJLyt2BDyE7TNW9yyfA5KW7/il+MRjWAehRk+S:j7vmp8Rz1GJR8AB+Is9yvr7/jkT

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2156-0-0x000000013FE10000-0x0000000140232000-memory.dmp	upx
behavioral1/memory/2156-2-0x000000013FE10000-0x0000000140232000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2156 wrote to memory of 2664	2156	09035ec9d551214692cda6c4de796e90N.exe	31
PID 2156 wrote to memory of 2664	2156	09035ec9d551214692cda6c4de796e90N.exe	31
PID 2156 wrote to memory of 2664	2156	09035ec9d551214692cda6c4de796e90N.exe	31

C:\Users\Admin\AppData\Local\Temp\09035ec9d551214692cda6c4de796e90N.exe
"C:\Users\Admin\AppData\Local\Temp\09035ec9d551214692cda6c4de796e90N.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2156
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2156 -s 84
  2⤵
  PID:2664

memory/2156-0-0x000000013FE10000-0x0000000140232000-memory.dmp

Filesize
4.1MB

Download
memory/2156-1-0x00000000000F0000-0x0000000000110000-memory.dmp

Filesize
128KB

Download
memory/2156-2-0x000000013FE10000-0x0000000140232000-memory.dmp

Filesize
4.1MB

Download