Analysis
- max time kernel: 140s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 07-01-2024 05:14
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
481f90a1533223b37513642e6d63bb09.exe
Resource
win7-20231215-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
481f90a1533223b37513642e6d63bb09.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
5 signatures
150 seconds
General
- Target: 481f90a1533223b37513642e6d63bb09.exe
- Size: 76KB
- MD5: 481f90a1533223b37513642e6d63bb09
- SHA1: 19cf88c6c792515d02ee0723f5feb7d0e8e9cb55
- SHA256: 22a83e6d0442a59aa497e6438a3bb2c6f8232284cfb7ff0cc8897c90eadb5931
- SHA512: 482101830f63152183e3e5a9ed4c257d7963fcd031552ea04b158e694f9640b779cbae806220e2e3a81442efe93fc71721db6b8799ff1dc43c31a2f22312225f
- SSDEEP: 1536:abQp1sBvlV0euusG80GS4KshictqhX7xMaB5z4YwB28UwnAScJWS:a8pOlV0BvG8tS4NictqxP4X24A7T
Score
3/10
Malware Config
Signatures
- Program crash (1 IoCs)
  Processes: WerFault.exe
  pid: 1960, pid_target: 2440, process: WerFault.exe, target process: 481f90a1533223b37513642e6d63bb09.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  Processes: 481f90a1533223b37513642e6d63bb09.exe
  description: PID 2440 wrote to memory of 1960, pid: 2440, process: 481f90a1533223b37513642e6d63bb09.exe, target process: WerFault.exe
  description: PID 2440 wrote to memory of 1960, pid: 2440, process: 481f90a1533223b37513642e6d63bb09.exe, target process: WerFault.exe
  description: PID 2440 wrote to memory of 1960, pid: 2440, process: 481f90a1533223b37513642e6d63bb09.exe, target process: WerFault.exe
  description: PID 2440 wrote to memory of 1960, pid: 2440, process: 481f90a1533223b37513642e6d63bb09.exe, target process: WerFault.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\481f90a1533223b37513642e6d63bb09.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\481f90a1533223b37513642e6d63bb09.exe"
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 128
    - Program crash