Analysis
-
max time kernel
122s -
max time network
129s -
platform
windows7_x64 -
resource
win7-20230712-en -
resource tags
arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system -
submitted
19/07/2023, 12:47
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
Confirmación de transferencia.exe
Resource
win7-20230712-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
Confirmación de transferencia.exe
Resource
win10v2004-20230703-en
13 signatures
150 seconds
General
-
Target
Confirmación de transferencia.exe
-
Size
590KB
-
MD5
23e2e7bd3d1d30d4881b382d10a54c9c
-
SHA1
a75a3fc37c081a8e36eb46a64d1673e541369782
-
SHA256
1a1c58b80969ae187cde83fd32586d6072f8b66eae0dd3ae81c7b0d015d5c308
-
SHA512
493fdd35c6db8574d10f2dfdd19040fbdaca9bae7599393a9cec93c3fde1f775804ed8994b6d37c3171f52e61a7beb1afad300a0aa93d92abb1f53c878996d9b
-
SSDEEP
12288:pyPYPfY7hJGELu3yqwhy5kD8KeNjIqhlVSKZ2jv:MPYPgXqCqwE5uze+qfD2j
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target 2180 2476 WerFault.exe 27 -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2476 wrote to memory of 2180 2476 Confirmación de transferencia.exe 30 PID 2476 wrote to memory of 2180 2476 Confirmación de transferencia.exe 30 PID 2476 wrote to memory of 2180 2476 Confirmación de transferencia.exe 30 PID 2476 wrote to memory of 2180 2476 Confirmación de transferencia.exe 30
Processes
-
C:\Users\Admin\AppData\Local\Temp\Confirmación de transferencia.exe"C:\Users\Admin\AppData\Local\Temp\Confirmación de transferencia.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2476 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 6802⤵
- Program crash
PID:2180
-