Analysis
max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags
arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system
submitted
25-12-2023 22:29
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
403a2186e663fb8b6d18563b5dd686cc.exe
Resource
win7-20231215-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
403a2186e663fb8b6d18563b5dd686cc.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
5 signatures
150 seconds
General
Target
403a2186e663fb8b6d18563b5dd686cc.exe
Size
77KB
MD5
403a2186e663fb8b6d18563b5dd686cc
SHA1
de1f2837dc00b0e0b5391fedb601257b26c3e60e
SHA256
eac7a29a4601f5e9f4bfca4abd9764a04621fe8d1269f22469d199959dab5f99
SHA512
20b055fcee64763846c0862600153b58b4676932ad1d5eddda3ec65afc14273aec2e62750b45c2f0d03495b328b1c003d8c9e74fb2602198582f3a784beeab5a
SSDEEP
1536:Cxo6gExWsX8Yy08331hsVKgQYFHJO1heJ6wlAziHIPiFcQ++ps78o6JlIK:YgE4sy083lhsVF7H0sAzioPl7Ws78o6p
Score
3/10
Malware Config
Signatures
Program crash 1 IoCs
pid | pid_target | Process
2572 | 2332 | WerFault.exe
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2332 wrote to memory of 2572 | 2332 | 403a2186e663fb8b6d18563b5dd686cc.exe | 16
PID 2332 wrote to memory of 2572 | 2332 | 403a2186e663fb8b6d18563b5dd686cc.exe | 16
PID 2332 wrote to memory of 2572 | 2332 | 403a2186e663fb8b6d18563b5dd686cc.exe | 16
PID 2332 wrote to memory of 2572 | 2332 | 403a2186e663fb8b6d18563b5dd686cc.exe | 16
Processes
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 152
- Program crash
PID:2572
C:\Users\Admin\AppData\Local\Temp\403a2186e663fb8b6d18563b5dd686cc.exe
"C:\Users\Admin\AppData\Local\Temp\403a2186e663fb8b6d18563b5dd686cc.exe"
- Suspicious use of WriteProcessMemory
PID:2332