Analysis
- max time kernel: 164s
- max time network: 176s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 30-12-2023 05:40
Static task
static1
Behavioral task
behavioral1
Sample
1039b139e624eadca4e7f6cd76777f55.exe
Resource
win7-20231215-en
0 signatures
150 seconds
Behavioral task
behavioral2
Sample
1039b139e624eadca4e7f6cd76777f55.exe
Resource
win10v2004-20231215-en
2 signatures
150 seconds
General
- Target: 1039b139e624eadca4e7f6cd76777f55.exe
- Size: 95KB
- MD5: 1039b139e624eadca4e7f6cd76777f55
- SHA1: 1afb6181c2df0c0495a81a8ac7df95320f1feb81
- SHA256: 17fc173ed931fdbd044fe579aa4dd285eaf77a9481c2c6e5dbcc4c74c9e28bd5
- SHA512: 37a5740d93ef8560155428b94185695f5a7551d47f7d4ce40c57b5a642c12eae26098945ad9d625af8e8d2cebb38f5d34ea748a784974f8d3cb36369243e0f7e
- SSDEEP: 1536:H8i4974x2to+LRk5E3idI40uC8TiapxZz38eQ5reKBoOslwUaVPXWCmAOZX1:H8i497YgoEzSKnuCyiOieQ5KK1kEOZX1
Score
3/10
Malware Config
Signatures
- Program crash 2 IoCs
  Processes: WerFault.exe, WerFault.exe

  | pid | pid_target | process | target process |
  | --- | --- | --- | --- |
  | 2096 | 3276 | WerFault.exe | 1039b139e624eadca4e7f6cd76777f55.exe |
  | 4084 | 3276 | WerFault.exe | 1039b139e624eadca4e7f6cd76777f55.exe |

- Suspicious use of WriteProcessMemory 3 IoCs
  Processes: 1039b139e624eadca4e7f6cd76777f55.exe

  | description | pid | process | target process |
  | --- | --- | --- | --- |
  | PID 3276 wrote to memory of 2096 | 3276 | 1039b139e624eadca4e7f6cd76777f55.exe | WerFault.exe |
  | PID 3276 wrote to memory of 2096 | 3276 | 1039b139e624eadca4e7f6cd76777f55.exe | WerFault.exe |
  | PID 3276 wrote to memory of 2096 | 3276 | 1039b139e624eadca4e7f6cd76777f55.exe | WerFault.exe |
Processes
- "C:\Users\Admin\AppData\Local\Temp\1039b139e624eadca4e7f6cd76777f55.exe" (depth 1)
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 484 (depth 2)
    - Program crash
  - C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 484 (depth 2)
    - Program crash
- C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 3276 -ip 3276 (depth 1)