Analysis
- max time kernel: 118s
- max time network: 119s
- platform: windows7_x64
- resource: win7-20231129-en
- resource tags: arch:x64 arch:x86 image:win7-20231129-en locale:en-us os:windows7-x64 system
- submitted: 31-12-2023 03:41
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
26bbacd0c7b740f4749a2e8caf320e11.exe
Resource
win7-20231129-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
26bbacd0c7b740f4749a2e8caf320e11.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
1 signatures
150 seconds
General
- Target: 26bbacd0c7b740f4749a2e8caf320e11.exe
- Size: 160KB
- MD5: 26bbacd0c7b740f4749a2e8caf320e11
- SHA1: 7863aba9306fe7c94a9f2547a0d394b290faf372
- SHA256: d0070cf8c99289bfc52b01f9d4d69e1cd56d7295e8911321c0f75a49620f9aa4
- SHA512: afa242d2c831e3e488df66c4606a6f64102010433eee0a8363b918b527ccf220a3d171d855163dbd060442cfe6240e2bf6c2b4ca0267176873d3f7a0dc2278ea
- SSDEEP: 3072:igAjGlAMq+WZoaMLpqZEAMyTefzP5odupVqR0lhQjN/F3FeESruT:igAjGlAMqtoZ3jM/NF
Score: 3/10
Malware Config
Signatures

Program crash 1 IoCs

| pid | pid_target | Process | procid_target |
| --- | --- | --- | --- |
| 1752 | 2340 | WerFault.exe | 1 |

Suspicious use of WriteProcessMemory 4 IoCs

| description | pid | Process | procid_target |
| --- | --- | --- | --- |
| PID 2340 wrote to memory of 1752 | 2340 | 26bbacd0c7b740f4749a2e8caf320e11.exe | 28 |
| PID 2340 wrote to memory of 1752 | 2340 | 26bbacd0c7b740f4749a2e8caf320e11.exe | 28 |
| PID 2340 wrote to memory of 1752 | 2340 | 26bbacd0c7b740f4749a2e8caf320e11.exe | 28 |
| PID 2340 wrote to memory of 1752 | 2340 | 26bbacd0c7b740f4749a2e8caf320e11.exe | 28 |
Processes
- C:\Users\Admin\AppData\Local\Temp\26bbacd0c7b740f4749a2e8caf320e11.exe
  "C:\Users\Admin\AppData\Local\Temp\26bbacd0c7b740f4749a2e8caf320e11.exe"
  - Suspicious use of WriteProcessMemory
  PID: 2340
  - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 104
    - Program crash
    PID: 1752