Analysis
max time kernel: 141s
max time network: 126s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 22-12-2023 14:40
Behavioral task: behavioral1
Sample: c85dff9876de50a3f2f370894674225e.exe
Resource: win7-20231215-en, windows7-x64
3 signatures, 150 seconds

Behavioral task: behavioral2
Sample: c85dff9876de50a3f2f370894674225e.exe
Resource: win10v2004-20231215-en, windows10-2004-x64
2 signatures, 150 seconds
General
Target: c85dff9876de50a3f2f370894674225e.exe
Size: 99KB
MD5: c85dff9876de50a3f2f370894674225e
SHA1: fdcf515133086c021c6c6b352a59726796cc0da4
SHA256: 59cf2b4d0c802188bb86b63ee8bf6032575e0a61a1e4ac93e39f377f073123f4
SHA512: b54413b69b84a5cd81a515723ec4decbe6eaea444ed11225dc02ac33f3dfc441f2ef73fcb57da783ca149eec70fdc95868b4e9b57cfcf8a50be5efae1d50a1dd
SSDEEP: 1536:eB88XdvpLwCyl5UQ8ZwkeYmYTRZfA5kw/3UBbtoERrKKlr5:BOXwIvwkVRT45kw/3yO0rpll
Score: 7/10
Malware Config
Signatures
resource: behavioral1/memory/3020-0-0x0000000000400000-0x0000000000454000-memory.dmp, yara_rule: upx
resource: behavioral1/memory/3020-1-0x0000000000400000-0x0000000000454000-memory.dmp, yara_rule: upx
Program crash 1 IoCs
pid: 1360, pid_target: 3020, Process: WerFault.exe, procid_target: 27
Suspicious use of WriteProcessMemory 4 IoCs
description: PID 3020 wrote to memory of 1360, pid: 3020, Process: c85dff9876de50a3f2f370894674225e.exe, procid_target: 28
description: PID 3020 wrote to memory of 1360, pid: 3020, Process: c85dff9876de50a3f2f370894674225e.exe, procid_target: 28
description: PID 3020 wrote to memory of 1360, pid: 3020, Process: c85dff9876de50a3f2f370894674225e.exe, procid_target: 28
description: PID 3020 wrote to memory of 1360, pid: 3020, Process: c85dff9876de50a3f2f370894674225e.exe, procid_target: 28
Processes
C:\Users\Admin\AppData\Local\Temp\c85dff9876de50a3f2f370894674225e.exe
"C:\Users\Admin\AppData\Local\Temp\c85dff9876de50a3f2f370894674225e.exe"
- Suspicious use of WriteProcessMemory
PID: 3020

  C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 88
  - Program crash
  PID: 1360