Analysis
max time kernel: 122s
max time network: 156s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system
submitted: 26/12/2023, 00:05
Static task: static1
1 signatures
Behavioral task: behavioral1
Sample: 451c6d0ff8c6d9f0e898bf727cc28038.exe
Resource: win7-20231215-en
2 signatures
150 seconds
Behavioral task: behavioral2
Sample: 451c6d0ff8c6d9f0e898bf727cc28038.exe
Resource: win10v2004-20231215-en
1 signatures
150 seconds
General
Target: 451c6d0ff8c6d9f0e898bf727cc28038.exe
Size: 171KB
MD5: 451c6d0ff8c6d9f0e898bf727cc28038
SHA1: 449291b68ce0271ffc5250ca8ab4dd3ca29e6236
SHA256: cfe48cc70b927b207aee5de66e70cd5d9bd88c242ec2601ddef979fbb9d6bba1
SHA512: 8a749c6fc4c2dc4d98e30496cb1b21e25b301a6650bccde49ca69c26cf01d921942dba1210799219286ec309f2843f0f8894982a3e901dd400566d3b71b6d7a1
SSDEEP: 3072:Dl8doxmi5W2uiQ1lpgEACD2DXtEgQINk5iLoAFzcjlKBXaFIQ:34yuiQ5gEACDwWFIi5KCl4g
Score: 3/10
Malware Config
Signatures
Program crash 1 IoCs
pid   pid_target  Process       procid_target
2660  2632        WerFault.exe  20
Suspicious use of WriteProcessMemory 4 IoCs
description                       pid   Process                               procid_target
PID 2632 wrote to memory of 2660  2632  451c6d0ff8c6d9f0e898bf727cc28038.exe  29
PID 2632 wrote to memory of 2660  2632  451c6d0ff8c6d9f0e898bf727cc28038.exe  29
PID 2632 wrote to memory of 2660  2632  451c6d0ff8c6d9f0e898bf727cc28038.exe  29
PID 2632 wrote to memory of 2660  2632  451c6d0ff8c6d9f0e898bf727cc28038.exe  29
Processes
C:\Users\Admin\AppData\Local\Temp\451c6d0ff8c6d9f0e898bf727cc28038.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\451c6d0ff8c6d9f0e898bf727cc28038.exe"
  - Suspicious use of WriteProcessMemory
  PID:2632
  C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 36
    - Program crash
    PID:2660