Analysis
max time kernel: 122s
max time network: 126s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system
submitted: 29-12-2023 19:56
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
0267354b80fa2bec716d16a6ab9014c2.exe
Resource
win7-20231215-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
0267354b80fa2bec716d16a6ab9014c2.exe
Resource
win10v2004-20231222-en
1 signatures
150 seconds
General
Target: 0267354b80fa2bec716d16a6ab9014c2.exe
Size: 375KB
MD5: 0267354b80fa2bec716d16a6ab9014c2
SHA1: 197f6ae241465596c533f1743e6265d603e74f34
SHA256: 7fbc3765a6b753cf5aa3d3e63abae6ae393face330794daa4960b8b5a4fd3efb
SHA512: 0778c4436e408e818eb334b937e3bcc59c51c90edddb2d59bdc0f37061c3739ff9d81638a1f8413bf8bb9cf28cffa14ae98dd5e40004696f728351a3c49dc5d9
SSDEEP: 6144:0hmemWJKMHDr6YUhf8oEMUdkK1/OyKF+T5QI6RK8i5YMROWFRhmamWJKg:0KCDrBU+oEHdh1Gy0+T5QIF8dMAWFVK
Score
3/10
Malware Config
Signatures
Program crash 1 IoCs
pid | pid_target | Process | procid_target
2664 | 2428 | WerFault.exe | 16
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2428 wrote to memory of 2664 | 2428 | 0267354b80fa2bec716d16a6ab9014c2.exe | 28
PID 2428 wrote to memory of 2664 | 2428 | 0267354b80fa2bec716d16a6ab9014c2.exe | 28
PID 2428 wrote to memory of 2664 | 2428 | 0267354b80fa2bec716d16a6ab9014c2.exe | 28
PID 2428 wrote to memory of 2664 | 2428 | 0267354b80fa2bec716d16a6ab9014c2.exe | 28
Processes
C:\Users\Admin\AppData\Local\Temp\0267354b80fa2bec716d16a6ab9014c2.exe
"C:\Users\Admin\AppData\Local\Temp\0267354b80fa2bec716d16a6ab9014c2.exe"
- Suspicious use of WriteProcessMemory
PID: 2428
    C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 628
    - Program crash
    PID: 2664