507271bf65d3a27686bcda69d48002cfbbbd0dbc145b1266af890ea16bf8d5d2

Analysis

max time kernel
110s
max time network
17s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
26/07/2024, 21:11

Target

565df4c595326350f77db475f4d1a690N.exe
Size

653KB
MD5

565df4c595326350f77db475f4d1a690
SHA1

77dcf8b9ab49ddc71d6af03169b8a6f209c32010
SHA256

507271bf65d3a27686bcda69d48002cfbbbd0dbc145b1266af890ea16bf8d5d2
SHA512

cffba301219323b44e151423cc2246bae11dae338f7a4f4c45c00c6422a7b7b3ef0866770ed32290c82e518d0867af81a1191d6afff5bb30bbde694e0e7cea6a
SSDEEP

12288:Q3ggq6MaimNk28Rz17yJRJLyt2BDyE7TNW9yyfA5KW7/il+MRjWAehRk+b:j7vmp8Rz1GJR8AB+Is9yvr7/jk+

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1752-0-0x000000013FA20000-0x000000013FE42000-memory.dmp	upx
behavioral1/memory/1752-2-0x000000013FA20000-0x000000013FE42000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1752 wrote to memory of 1932	1752	565df4c595326350f77db475f4d1a690N.exe	31
PID 1752 wrote to memory of 1932	1752	565df4c595326350f77db475f4d1a690N.exe	31
PID 1752 wrote to memory of 1932	1752	565df4c595326350f77db475f4d1a690N.exe	31

C:\Users\Admin\AppData\Local\Temp\565df4c595326350f77db475f4d1a690N.exe
"C:\Users\Admin\AppData\Local\Temp\565df4c595326350f77db475f4d1a690N.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1752
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1752 -s 84
  2⤵
  PID:1932

memory/1752-0-0x000000013FA20000-0x000000013FE42000-memory.dmp

Filesize
4.1MB

Download
memory/1752-1-0x0000000000310000-0x0000000000330000-memory.dmp

Filesize
128KB

Download
memory/1752-2-0x000000013FA20000-0x000000013FE42000-memory.dmp

Filesize
4.1MB

Download