Analysis
max time kernel: 162s
max time network: 143s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 07/01/2024, 19:35
Static task: static1
1 signatures

Behavioral task: behavioral1
Sample: a79c347cc0f264cc37d2c203a804ac58.exe
Resource: win7-20231215-en
2 signatures
150 seconds

Behavioral task: behavioral2
Sample: a79c347cc0f264cc37d2c203a804ac58.exe
Resource: win10v2004-20231215-en
5 signatures
150 seconds
General
Target: a79c347cc0f264cc37d2c203a804ac58.exe
Size: 194KB
MD5: a79c347cc0f264cc37d2c203a804ac58
SHA1: 0b2d6b3d3010cc005848deac046416d3dbdc48a9
SHA256: ca83832bf8e83ac9a97a01e589435b4666efa33d5f2f7f54b89dd58363e4a264
SHA512: 8aabaa15dc7b5774c8f0127c4f32a10f3bcd6d48516391206e75e0f60ad99a004cb7b3f2f133c6cc74f659a227b5c71ea15f204bffbe496ce45c582c9395383a
SSDEEP: 3072:/OlHHBuNrVw61gCi+O5MUINLEXyI1x7TzM2exumeYJnssSTMiJN:/OlHhAVw6TLO5wFcyIvexumfZIMo
Score: 3/10
Malware Config
Signatures

Program crash (1 IoCs)
pid    pid_target    Process         procid_target
2896   2884          WerFault.exe    26

Suspicious use of WriteProcessMemory (4 IoCs)
description                            pid    Process                                 procid_target
PID 2884 wrote to memory of 2896       2884   a79c347cc0f264cc37d2c203a804ac58.exe    29
PID 2884 wrote to memory of 2896       2884   a79c347cc0f264cc37d2c203a804ac58.exe    29
PID 2884 wrote to memory of 2896       2884   a79c347cc0f264cc37d2c203a804ac58.exe    29
PID 2884 wrote to memory of 2896       2884   a79c347cc0f264cc37d2c203a804ac58.exe    29
Processes

C:\Users\Admin\AppData\Local\Temp\a79c347cc0f264cc37d2c203a804ac58.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\a79c347cc0f264cc37d2c203a804ac58.exe"
  - Suspicious use of WriteProcessMemory
  PID: 2884

  C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 128
    - Program crash
    PID: 2896