Analysis
-
max time kernel
118s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64 arch:x86 image:win7-20231129-en locale:en-us os:windows7-x64 system -
submitted
26/12/2023, 11:48
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
6bfc03715e8e626556aab735b86cf043.exe
Resource
win7-20231129-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
6bfc03715e8e626556aab735b86cf043.exe
Resource
win10v2004-20231215-en
1 signatures
150 seconds
General
-
Target
6bfc03715e8e626556aab735b86cf043.exe
-
Size
45KB
-
MD5
6bfc03715e8e626556aab735b86cf043
-
SHA1
41cbfce7a94a50a67ca9136f706ba09d503243f7
-
SHA256
e41211f0b88e4f91144a216f4be0c168b73f17a13ed7be632a30b74b078981e6
-
SHA512
20a2f75e561122624875ef653f7f194225669367c40d73fd60871426ccc22a433ee0c102e0a7b17e58290a90b317ea2803eb4fe872e6e78b0c97228fde23e987
-
SSDEEP
768:X0XR5iJsuAN39/HlDnF1UPCHYkqWAct0hAM2/90+NTHqvuFiTijsj:X0B5ii7/H5F1UPIqWAG0hX2F0UTHqvn1
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
pid | pid_target | Process
2528 | 1752 | WerFault.exe
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 1752 wrote to memory of 2528 | 1752 | 6bfc03715e8e626556aab735b86cf043.exe | 14
PID 1752 wrote to memory of 2528 | 1752 | 6bfc03715e8e626556aab735b86cf043.exe | 14
PID 1752 wrote to memory of 2528 | 1752 | 6bfc03715e8e626556aab735b86cf043.exe | 14
PID 1752 wrote to memory of 2528 | 1752 | 6bfc03715e8e626556aab735b86cf043.exe | 14
Processes
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 36
- Program crash
PID:2528
-
C:\Users\Admin\AppData\Local\Temp\6bfc03715e8e626556aab735b86cf043.exe
"C:\Users\Admin\AppData\Local\Temp\6bfc03715e8e626556aab735b86cf043.exe"
- Suspicious use of WriteProcessMemory
PID:1752