Analysis
-
max time kernel
193s -
max time network
31s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system -
submitted
31/12/2023, 13:23
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
37e02df90603a38818fbcc9041228775.exe
Resource
win7-20231215-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
37e02df90603a38818fbcc9041228775.exe
Resource
win10v2004-20231215-en
17 signatures
150 seconds
General
-
Target
37e02df90603a38818fbcc9041228775.exe
-
Size
107KB
-
MD5
37e02df90603a38818fbcc9041228775
-
SHA1
32198a93f20df4a29f44bba89b0ccffabaa21aff
-
SHA256
64b9a4b36169ffeb39dfac106718fb140c9a992ffc874ed619684b5543ddc988
-
SHA512
75e909a1a0083ac721529142b357485ad5c6b530ce53fe1a27e67613ba45e732478be729c185385b6b5483ce2725445ff2adc1badf5abfb67865574cd294f7e5
-
SSDEEP
3072:i3G3tSK/Js/V3j5H6IhdfU4AlVaP5r83H9hMaT:Z9S+JAlH68KlVaP5r83H3Ma
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
pid   pid_target  Process       procid_target
2612  2724        WerFault.exe  1
-
Suspicious use of WriteProcessMemory 4 IoCs
description                       pid   Process                               procid_target
PID 2724 wrote to memory of 2612  2724  37e02df90603a38818fbcc9041228775.exe  29
PID 2724 wrote to memory of 2612  2724  37e02df90603a38818fbcc9041228775.exe  29
PID 2724 wrote to memory of 2612  2724  37e02df90603a38818fbcc9041228775.exe  29
PID 2724 wrote to memory of 2612  2724  37e02df90603a38818fbcc9041228775.exe  29
Processes
-
C:\Users\Admin\AppData\Local\Temp\37e02df90603a38818fbcc9041228775.exe
"C:\Users\Admin\AppData\Local\Temp\37e02df90603a38818fbcc9041228775.exe" 1⤵
- Suspicious use of WriteProcessMemory
PID:2724 -
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 160 2⤵
- Program crash
PID:2612
-