Analysis
max time kernel
140s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags
arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system
submitted
30/12/2023, 12:35
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
18b520bb97c0412c733d6dbe8b37b258.exe
Resource
win7-20231215-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
18b520bb97c0412c733d6dbe8b37b258.exe
Resource
win10v2004-20231215-en
1 signatures
150 seconds
General
Target
18b520bb97c0412c733d6dbe8b37b258.exe
Size
369KB
MD5
18b520bb97c0412c733d6dbe8b37b258
SHA1
e6231b0273f4ea079664864b30c814049d2d3166
SHA256
f94cfd8ab58629f8ee069d7c90c0abf62288fa5a2f9f4e3bf6e324e406535a80
SHA512
e2e3abbb645d1691dd4a8990e820f35ce2356017e5e626fc9f9443f2bf7884cf12d15040f469216bf513dcf6c2e14a7b2566fa5bcb33b0978c9690859edb381f
SSDEEP
6144:oyGSJaTjrFaZrop7WyBGkT99wlm8a9vEGGCOZVU+iOutYGSxegt78CElL6YLy:oyETlaZMp7WyIY8l2XGCOZV9iOu6GEOI
Score
3/10
Malware Config
Signatures
Program crash 1 IoCs
pid   pid_target  Process       procid_target
1828  2300        WerFault.exe  27
Suspicious use of WriteProcessMemory 4 IoCs
description                       pid   Process                               procid_target
PID 2300 wrote to memory of 1828  2300  18b520bb97c0412c733d6dbe8b37b258.exe  28
PID 2300 wrote to memory of 1828  2300  18b520bb97c0412c733d6dbe8b37b258.exe  28
PID 2300 wrote to memory of 1828  2300  18b520bb97c0412c733d6dbe8b37b258.exe  28
PID 2300 wrote to memory of 1828  2300  18b520bb97c0412c733d6dbe8b37b258.exe  28
Processes
C:\Users\Admin\AppData\Local\Temp\18b520bb97c0412c733d6dbe8b37b258.exe
"C:\Users\Admin\AppData\Local\Temp\18b520bb97c0412c733d6dbe8b37b258.exe"
- Suspicious use of WriteProcessMemory
PID:2300
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 204
- Program crash
PID:1828