Analysis
max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags
arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted
26-12-2023 02:51
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
4df4f01e169cd7b5ecae33e5d59fd5fe.exe
Resource
win7-20231215-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
4df4f01e169cd7b5ecae33e5d59fd5fe.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
2 signatures
150 seconds
General
Target
4df4f01e169cd7b5ecae33e5d59fd5fe.exe
Size
200KB
MD5
4df4f01e169cd7b5ecae33e5d59fd5fe
SHA1
d1b1899ccd5afb5c501bd5384ab35af9cbe7edf4
SHA256
414d797cab0bd691fb3dd24064334d2cccee96b414a61ef315e7cb5fe0d76de2
SHA512
a0b994e858ffd5f8e44651d94af3461b149ef325732d24fed595b25cbd0711627dd3353ee87895d5dc23889ed4d89cf0636a085692e657d529054b0d19204d3b
SSDEEP
3072:Y69S8Z8jprujIivwslnsn9+JuJbfoL2wVHTZhQTWVyc+LpfJQlKTCC4H:19Swvwslnsn9+JuJbfoL2wVH9eI+NJcH
Score
3/10
Malware Config
Signatures
Program crash 1 IoCs
pid   pid_target  Process       procid_target
2888  1032        WerFault.exe  27
Suspicious use of SetWindowsHookEx 1 IoCs
pid   Process
1032  4df4f01e169cd7b5ecae33e5d59fd5fe.exe
Suspicious use of WriteProcessMemory 4 IoCs
description                       pid   Process                               procid_target
PID 1032 wrote to memory of 2888  1032  4df4f01e169cd7b5ecae33e5d59fd5fe.exe  28
PID 1032 wrote to memory of 2888  1032  4df4f01e169cd7b5ecae33e5d59fd5fe.exe  28
PID 1032 wrote to memory of 2888  1032  4df4f01e169cd7b5ecae33e5d59fd5fe.exe  28
PID 1032 wrote to memory of 2888  1032  4df4f01e169cd7b5ecae33e5d59fd5fe.exe  28
Processes
C:\Users\Admin\AppData\Local\Temp\4df4f01e169cd7b5ecae33e5d59fd5fe.exe
"C:\Users\Admin\AppData\Local\Temp\4df4f01e169cd7b5ecae33e5d59fd5fe.exe"
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1032
  C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 188
  - Program crash
  PID:2888