Analysis
max time kernel: 121s
max time network: 122s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 24-12-2023 19:23
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
0d25dd6ee0b93ca45c9fd98bc9c4e08d.exe
Resource
win7-20231129-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
0d25dd6ee0b93ca45c9fd98bc9c4e08d.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
1 signatures
150 seconds
General
Target: 0d25dd6ee0b93ca45c9fd98bc9c4e08d.exe
Size: 791KB
MD5: 0d25dd6ee0b93ca45c9fd98bc9c4e08d
SHA1: b3e22e379fcbf004f87a2787f07ad74105726181
SHA256: 894acb074f2c224391b7881df7eeb86d03d5f4c441b61419ec9e9dfffe72bfc3
SHA512: f271e303a6ccb776174e655d370f886b66bf3d85adb14324347acb8cd9c4c1fa1fac8439cdb6441871c134b003c8e936af8f091121a9d279f0e896a4e26fbf78
SSDEEP: 12288:vRESnPFroRNGJyjTavgJIRm0CR62QmlNayX50j/N8MESmk87SgBSXBMD17:NFszoyjkoVR/lnX2SMik+uW9
Score: 3/10
Malware Config
Signatures
-
Program crash 1 IoCs
pid | pid_target | Process | procid_target
2116 | 2256 | WerFault.exe | 1
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2256 wrote to memory of 2116 | 2256 | 0d25dd6ee0b93ca45c9fd98bc9c4e08d.exe | 16
PID 2256 wrote to memory of 2116 | 2256 | 0d25dd6ee0b93ca45c9fd98bc9c4e08d.exe | 16
PID 2256 wrote to memory of 2116 | 2256 | 0d25dd6ee0b93ca45c9fd98bc9c4e08d.exe | 16
PID 2256 wrote to memory of 2116 | 2256 | 0d25dd6ee0b93ca45c9fd98bc9c4e08d.exe | 16
Processes
C:\Users\Admin\AppData\Local\Temp\0d25dd6ee0b93ca45c9fd98bc9c4e08d.exe
"C:\Users\Admin\AppData\Local\Temp\0d25dd6ee0b93ca45c9fd98bc9c4e08d.exe"
- Suspicious use of WriteProcessMemory
- PID: 2256
  C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 148
  - Program crash
  - PID: 2116