Analysis
-
max time kernel
121s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system -
submitted
05-01-2024 23:17
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
44af416d357139a4f9f5f1f5ea48eaa6.exe
Resource
win7-20231215-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
44af416d357139a4f9f5f1f5ea48eaa6.exe
Resource
win10v2004-20231222-en
windows10-2004-x64
1 signatures
150 seconds
General
-
Target
44af416d357139a4f9f5f1f5ea48eaa6.exe
-
Size
40KB
-
MD5
44af416d357139a4f9f5f1f5ea48eaa6
-
SHA1
b323027e4cbfdd4dce84d3b188561e2ba5c8e1fc
-
SHA256
21c9f57d98fb0df03afe61d35256a95923252846d8d20b6c4409f288a0b434fd
-
SHA512
732fb62786913a4bbf8cacbc98111fa9e3b27f6955a14cb7bd8e5b6a86c4a9111c585561f6e8d26d1fc1357b3f8230d5c67e898365b905673c43fda53cac2eae
-
SSDEEP
768:PB2JGYVNfV6vrFDPwp2Gt7YHN0m5vcdXwPXDzHvzExAPOE/3MwVrJ7H8oWXRrK:p2oAfIrJwp2Gium5vcxwPzzvzEx6L/Fb
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process
1792 1520 WerFault.exe
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 1520 wrote to memory of 1792 1520 44af416d357139a4f9f5f1f5ea48eaa6.exe 16
PID 1520 wrote to memory of 1792 1520 44af416d357139a4f9f5f1f5ea48eaa6.exe 16
PID 1520 wrote to memory of 1792 1520 44af416d357139a4f9f5f1f5ea48eaa6.exe 16
PID 1520 wrote to memory of 1792 1520 44af416d357139a4f9f5f1f5ea48eaa6.exe 16
Processes
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 44
- Program crash
PID:1792
-
C:\Users\Admin\AppData\Local\Temp\44af416d357139a4f9f5f1f5ea48eaa6.exe
"C:\Users\Admin\AppData\Local\Temp\44af416d357139a4f9f5f1f5ea48eaa6.exe"
- Suspicious use of WriteProcessMemory
PID:1520