Analysis
-
max time kernel
122s -
max time network
129s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system -
submitted
29/12/2023, 18:36
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
00a7fb26f752a8cd6748f7d56d6d0452.exe
Resource
win7-20231215-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
00a7fb26f752a8cd6748f7d56d6d0452.exe
Resource
win10v2004-20231215-en
1 signatures
150 seconds
General
-
Target
00a7fb26f752a8cd6748f7d56d6d0452.exe
-
Size
28KB
-
MD5
00a7fb26f752a8cd6748f7d56d6d0452
-
SHA1
32cbb0feefcc9eeea413f110aae6fd2b051533ec
-
SHA256
fc7e5f1c05c1fb43af8f29016de197e0c0e95775d624fbdd3762a17c2194ae89
-
SHA512
9c2626f2c9490760c45d393b78c33a3fd9dad53cca2c2262bcc87fc2ff286588ea8483a83e17166ac8873ad9642c46e10ef0f92e2906287733ce0ebf1a1aba5d
-
SSDEEP
192:yJvPTCh13Ata1Utwi1oyn25okipR8EWx5VRtTwZxf1I/Tzoz0ZY6yNFZ+w7:APTNam6i1DtA5b9ie/Tzoc+37
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
pid   pid_target  Process       procid_target
3056  2464        WerFault.exe  9
-
Suspicious use of WriteProcessMemory 4 IoCs
description                       pid   Process                               procid_target
PID 2464 wrote to memory of 3056  2464  00a7fb26f752a8cd6748f7d56d6d0452.exe  19
PID 2464 wrote to memory of 3056  2464  00a7fb26f752a8cd6748f7d56d6d0452.exe  19
PID 2464 wrote to memory of 3056  2464  00a7fb26f752a8cd6748f7d56d6d0452.exe  19
PID 2464 wrote to memory of 3056  2464  00a7fb26f752a8cd6748f7d56d6d0452.exe  19
Processes
-
C:\Users\Admin\AppData\Local\Temp\00a7fb26f752a8cd6748f7d56d6d0452.exe
"C:\Users\Admin\AppData\Local\Temp\00a7fb26f752a8cd6748f7d56d6d0452.exe"
- Suspicious use of WriteProcessMemory
PID:2464
    C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 148
    - Program crash
    PID:3056