Analysis
max time kernel: 122s
max time network: 123s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 26/12/2023, 09:49
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample: 64f3a6d029c806371c2a4f34c9a72eb7.exe
Resource: win7-20231215-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample: 64f3a6d029c806371c2a4f34c9a72eb7.exe
Resource: win10v2004-20231215-en
4 signatures
150 seconds
General
Target: 64f3a6d029c806371c2a4f34c9a72eb7.exe
Size: 88KB
MD5: 64f3a6d029c806371c2a4f34c9a72eb7
SHA1: 8018f72a14f57e3f36fe983c7ba9b8a61769812e
SHA256: 79f64b68a3ed4b08b03e8aa83b71603a2d75289948378fb80f8d11e7f88ac887
SHA512: 5516017eedd29534c22f23db289d94b7fc9f4d9db9dc0b3f9223b7f5568b2405d0e9923b2bc9d39a5389ffce894d528e963d11b2e458bc416bbbeb9e1c6e24d1
SSDEEP: 1536:AoQIKo6iHk1t7qaeJdb3rydGs+af7f6QEiRvbl9lh:ANIKUytWaKb33glbl1
Score: 3/10
Malware Config
Signatures
Program crash 1 IoCs
pid     pid_target    Process
1808    1248          WerFault.exe
Suspicious use of WriteProcessMemory 4 IoCs
description                         pid     Process                                 procid_target
PID 1248 wrote to memory of 1808    1248    64f3a6d029c806371c2a4f34c9a72eb7.exe    16
PID 1248 wrote to memory of 1808    1248    64f3a6d029c806371c2a4f34c9a72eb7.exe    16
PID 1248 wrote to memory of 1808    1248    64f3a6d029c806371c2a4f34c9a72eb7.exe    16
PID 1248 wrote to memory of 1808    1248    64f3a6d029c806371c2a4f34c9a72eb7.exe    16
Processes
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1248 -s 88
- Program crash
PID:1808
C:\Users\Admin\AppData\Local\Temp\64f3a6d029c806371c2a4f34c9a72eb7.exe
"C:\Users\Admin\AppData\Local\Temp\64f3a6d029c806371c2a4f34c9a72eb7.exe"
- Suspicious use of WriteProcessMemory
PID:1248