Analysis
-
max time kernel
118s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system -
submitted
31-12-2023 05:12
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
2980552bea769791a948d03e24141f6f.exe
Resource
win7-20231215-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
2980552bea769791a948d03e24141f6f.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
10 signatures
150 seconds
General
-
Target
2980552bea769791a948d03e24141f6f.exe
-
Size
29KB
-
MD5
2980552bea769791a948d03e24141f6f
-
SHA1
92b85bb20f9c83b187fbdd8a4bdda303e328e79c
-
SHA256
5aa4d883906f21bd821a752f4b4fbc2e87f6c42e6c5dc738782aa1ec87800c62
-
SHA512
c1c18333345dea526c0cb93003204510b732a18e16eb611d18b461523fd304f6da2135d6e02015997c6a25456e69d07df9e443b7024b3882530751c8a44ee7d1
-
SSDEEP
768:xxsXho3GHWfT2I09CjtvVsKs5cnCpl8dmfYQdn:zooHfiI092dVsbqCpl8d
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
pid    pid_target    Process    procid_target
1880    624    WerFault.exe    14
-
Suspicious use of WriteProcessMemory 4 IoCs
description    pid    Process    procid_target
PID 624 wrote to memory of 1880    624    2980552bea769791a948d03e24141f6f.exe    18
PID 624 wrote to memory of 1880    624    2980552bea769791a948d03e24141f6f.exe    18
PID 624 wrote to memory of 1880    624    2980552bea769791a948d03e24141f6f.exe    18
PID 624 wrote to memory of 1880    624    2980552bea769791a948d03e24141f6f.exe    18
Processes
-
C:\Users\Admin\AppData\Local\Temp\2980552bea769791a948d03e24141f6f.exe
"C:\Users\Admin\AppData\Local\Temp\2980552bea769791a948d03e24141f6f.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:624 -
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 624 -s 1202⤵
- Program crash
PID:1880
-