Analysis
max time kernel: 121s
max time network: 127s
platform: windows7_x64
resource: win7-20230831-en
resource tags: arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
submitted: 12-10-2023 13:16
Behavioral task: behavioral1
Sample: 2720-16-0x0000000000400000-0x0000000000711000-memory.exe
Resource: win7-20230831-en (windows7-x64)
3 signatures
150 seconds
General
Target: 2720-16-0x0000000000400000-0x0000000000711000-memory.exe
Size: 3.1MB
MD5: 77d11816d68bf38de4de2d98ecfa1673
SHA1: bd60da4f91cd73b1c713b9c58d5fe7a0ad49ba1d
SHA256: d10851170a9478522aa307d4e4a004cee2b56578ba8a439175dc0e10635babdf
SHA512: 53af5af0ba633fa010a85f70775b3422a99ea2802e98c48dd1ba92a1979140d494d9c7df12ab613f997813ca5bcc8c1a9f31c6a2ab8ce139e4919bf9e8e50cf2
SSDEEP: 3072:KwZx7tPwbpTK8Q5Uzf4JElJvIT4DZeeRqTNJ4:bZ1xwbJKAzAElJA8M064
Malware Config
Signatures
Program crash (1 IoCs)
pid | pid_target | Process | procid_target
2584 | 2020 | WerFault.exe | 27
Suspicious use of WriteProcessMemory (4 IoCs)
description | pid | Process | procid_target
PID 2020 wrote to memory of 2584 | 2020 | 2720-16-0x0000000000400000-0x0000000000711000-memory.exe | 28
PID 2020 wrote to memory of 2584 | 2020 | 2720-16-0x0000000000400000-0x0000000000711000-memory.exe | 28
PID 2020 wrote to memory of 2584 | 2020 | 2720-16-0x0000000000400000-0x0000000000711000-memory.exe | 28
PID 2020 wrote to memory of 2584 | 2020 | 2720-16-0x0000000000400000-0x0000000000711000-memory.exe | 28
Processes
C:\Users\Admin\AppData\Local\Temp\2720-16-0x0000000000400000-0x0000000000711000-memory.exe
  "C:\Users\Admin\AppData\Local\Temp\2720-16-0x0000000000400000-0x0000000000711000-memory.exe"
  - Suspicious use of WriteProcessMemory
  PID: 2020
    C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 36
      - Program crash
      PID: 2584