Analysis
max time kernel
141s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags
arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system
submitted
25/12/2023, 00:55
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
1e81fd725ded57588cdf3c2f25d93d0c.exe
Resource
win7-20231215-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
1e81fd725ded57588cdf3c2f25d93d0c.exe
Resource
win10v2004-20231215-en
1 signatures
150 seconds
General
Target
1e81fd725ded57588cdf3c2f25d93d0c.exe
Size
456KB
MD5
1e81fd725ded57588cdf3c2f25d93d0c
SHA1
306b18f2954ae2902882e9a2f93d0bd86931c5f3
SHA256
c6ebf549103b1f1f90d3de4fbc565c2cd6108936536e8ae709305009d2db2a96
SHA512
890c8016c32323509b81f403deac00bc92d224c794e3f3819b31d9d05f7807a4e6d6246d20c654c9d1e686a679894f03622b054c5635e712dbc00f01215d0eb8
SSDEEP
12288:UGH3TNk/aawlefbtI5P+/trgmSXod8Rxwzf5OUwA:Uk3T7lWIc/gNwzMr
Score
3/10
Malware Config
Signatures
Program crash 1 IoCs
pid | pid_target | Process | procid_target
2976 | 2096 | WerFault.exe | 27
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2096 wrote to memory of 2976 | 2096 | 1e81fd725ded57588cdf3c2f25d93d0c.exe | 28
PID 2096 wrote to memory of 2976 | 2096 | 1e81fd725ded57588cdf3c2f25d93d0c.exe | 28
PID 2096 wrote to memory of 2976 | 2096 | 1e81fd725ded57588cdf3c2f25d93d0c.exe | 28
PID 2096 wrote to memory of 2976 | 2096 | 1e81fd725ded57588cdf3c2f25d93d0c.exe | 28
Processes
C:\Users\Admin\AppData\Local\Temp\1e81fd725ded57588cdf3c2f25d93d0c.exe
"C:\Users\Admin\AppData\Local\Temp\1e81fd725ded57588cdf3c2f25d93d0c.exe" 1⤵
- Suspicious use of WriteProcessMemory
PID:2096
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 144 2⤵
- Program crash
PID:2976