Analysis
max time kernel
117s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags
arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted
25/12/2023, 03:18
Behavioral task
behavioral1
Sample
027b29275f45d53dc57952c82fbebedc.exe
Resource
win7-20231215-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
027b29275f45d53dc57952c82fbebedc.exe
Resource
win10v2004-20231215-en
1 signatures
150 seconds
General
Target
027b29275f45d53dc57952c82fbebedc.exe
Size
92KB
MD5
027b29275f45d53dc57952c82fbebedc
SHA1
840174e8de57d190ca2813ccdd3b8402153847df
SHA256
786e90f7c69acd0f3ee2455c1c238dd27ae9354dbbd2ee6c34340ab988561a07
SHA512
243490270ae70a7d7ec7ebae255af2e121be1ac5b73b28ff50f08b1681c5a347212a31b67c8abceccebdcbe104f19e7b81f236f5cec04413235b7e692ae4978e
SSDEEP
1536:FkAt653+haDP0k43fhC726WHHVTyZ97kMSEAQsxjs9RFZCYP7:FbfMy7nlyZ979SlQH9r
Score
3/10
Malware Config
Signatures
Program crash 1 IoCs
pid | pid_target | Process | procid_target
1696 | 1964 | WerFault.exe | 27
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 1964 wrote to memory of 1696 | 1964 | 027b29275f45d53dc57952c82fbebedc.exe | 28
PID 1964 wrote to memory of 1696 | 1964 | 027b29275f45d53dc57952c82fbebedc.exe | 28
PID 1964 wrote to memory of 1696 | 1964 | 027b29275f45d53dc57952c82fbebedc.exe | 28
PID 1964 wrote to memory of 1696 | 1964 | 027b29275f45d53dc57952c82fbebedc.exe | 28
Processes
C:\Users\Admin\AppData\Local\Temp\027b29275f45d53dc57952c82fbebedc.exe
"C:\Users\Admin\AppData\Local\Temp\027b29275f45d53dc57952c82fbebedc.exe"
- Suspicious use of WriteProcessMemory
PID:1964
  C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 88
  - Program crash
  PID:1696