Analysis

  • max time kernel
    39s
  • max time network
    40s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    07/11/2024, 09:40

General

  • Target

    8454e49cea6912472f6ad3a06f14a15c49ed14105ff63f26fc8fdcf4b441f4f8N.exe

  • Size

    815KB

  • MD5

    ff7f64e0714426816cddf7602c187e80

  • SHA1

    c05f3d7723ae3f8e1087f62aaa2ffafa3dadebe2

  • SHA256

    8454e49cea6912472f6ad3a06f14a15c49ed14105ff63f26fc8fdcf4b441f4f8

  • SHA512

    2e71421824a1e27270830adb632e6c10813cfd274dd4525ae533cd2d8527656d4a663ea897d83e91a9a3e0647f45a12e38777763b28d372405a2b1cfc607fc39

  • SSDEEP

    24576:7JmPMTvk9YKTv9YMFXO6b7oDlq8Yt3t4:79QYkvOk4lu2

Score
5/10
upx

Malware Config

Signatures

  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8454e49cea6912472f6ad3a06f14a15c49ed14105ff63f26fc8fdcf4b441f4f8N.exe
    "C:\Users\Admin\AppData\Local\Temp\8454e49cea6912472f6ad3a06f14a15c49ed14105ff63f26fc8fdcf4b441f4f8N.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2408
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 2408 -s 200
      2⤵
        PID:2716

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/2408-0-0x000000013F3F0000-0x000000013F567000-memory.dmp

            Filesize

            1.5MB

          • memory/2408-1-0x000000013F3F0000-0x000000013F567000-memory.dmp

            Filesize

            1.5MB

          • memory/2408-3-0x000000013F3F0000-0x000000013F567000-memory.dmp

            Filesize

            1.5MB