4cea6e7134f492748f1a9fdf57c85c181955d94cec7932bea5430733ea4acdc3

Analysis

max time kernel
14s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02/10/2024, 05:19

Target

4cea6e7134f492748f1a9fdf57c85c181955d94cec7932bea5430733ea4acdc3N.exe
Size

653KB
MD5

837739a69fe74652e34b3208181f7c70
SHA1

dd36ce818b9b0de87ea4155b57161e932f3b27e4
SHA256

4cea6e7134f492748f1a9fdf57c85c181955d94cec7932bea5430733ea4acdc3
SHA512

26a35a0d114b2c4665df18f766d616f7c508821d5d806a84d11352aff4f69d8d308e2e55a1678815b29ec1c9c7d5307c13efeeb019323d9f5da7af987afe57c6
SSDEEP

12288:Q3ggq6MaimNk28Rz17yJRJLyt2BDyE7TNW9yyfA5KW7/il+MRjWAehRk++:j7vmp8Rz1GJR8AB+Is9yvr7/jkP

Score

5^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2376-0-0x000000013FB30000-0x000000013FF52000-memory.dmp	upx
behavioral1/memory/2376-3-0x000000013FB30000-0x000000013FF52000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2376 wrote to memory of 2220	2376	4cea6e7134f492748f1a9fdf57c85c181955d94cec7932bea5430733ea4acdc3N.exe	30
PID 2376 wrote to memory of 2220	2376	4cea6e7134f492748f1a9fdf57c85c181955d94cec7932bea5430733ea4acdc3N.exe	30
PID 2376 wrote to memory of 2220	2376	4cea6e7134f492748f1a9fdf57c85c181955d94cec7932bea5430733ea4acdc3N.exe	30

C:\Users\Admin\AppData\Local\Temp\4cea6e7134f492748f1a9fdf57c85c181955d94cec7932bea5430733ea4acdc3N.exe
"C:\Users\Admin\AppData\Local\Temp\4cea6e7134f492748f1a9fdf57c85c181955d94cec7932bea5430733ea4acdc3N.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2376
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2376 -s 84
  2⤵
  PID:2220

memory/2376-0-0x000000013FB30000-0x000000013FF52000-memory.dmp

Filesize
4.1MB

Download
memory/2376-1-0x00000000001F0000-0x0000000000210000-memory.dmp

Filesize
128KB

Download
memory/2376-3-0x000000013FB30000-0x000000013FF52000-memory.dmp

Filesize
4.1MB

Download