Analysis
max time kernel: 158s
max time network: 167s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 10/01/2024, 04:21
Static task: static1
1 signatures
Behavioral task: behavioral1
Sample: 4f9123159da69d1f04fe7d176e02ed0c.exe
Resource: win7-20231215-en
2 signatures
150 seconds
Behavioral task: behavioral2
Sample: 4f9123159da69d1f04fe7d176e02ed0c.exe
Resource: win10v2004-20231215-en
2 signatures
150 seconds
General
Target: 4f9123159da69d1f04fe7d176e02ed0c.exe
Size: 23KB
MD5: 4f9123159da69d1f04fe7d176e02ed0c
SHA1: b3d7b919a586938241f31a8b06ad8ec911081de2
SHA256: 3e7c493cc1be7a304bb341c49eeb66d10f3a1a62e31fceb098bf80d8b8e6e080
SHA512: 7f124bb44c87164c8b9413798ed9825ac576e462927b2090b04cd2ac3a0524c1f71320a61d7dec2c20dd223dd0a4d23f24f74c7b5db436d31e1170aad079303c
SSDEEP: 384:rE6wtKQrmtUtsJATklnnEOP5pkXLzrpYc1n2uqsjc3Ah+Dx95JWJlxl9Z9FRC:rE6ZQKtUyJTnEw4XrpYun2uGU+l9cl5K
Score: 3/10
Malware Config
Signatures
Program crash 2 IoCs
pid | pid_target | Process | procid_target
3572 | 3236 | WerFault.exe | 88
2468 | 3236 | WerFault.exe | 88
Suspicious use of WriteProcessMemory 3 IoCs
description | pid | Process | procid_target
PID 3236 wrote to memory of 3572 | 3236 | 4f9123159da69d1f04fe7d176e02ed0c.exe | 93
PID 3236 wrote to memory of 3572 | 3236 | 4f9123159da69d1f04fe7d176e02ed0c.exe | 93
PID 3236 wrote to memory of 3572 | 3236 | 4f9123159da69d1f04fe7d176e02ed0c.exe | 93
Processes
"C:\Users\Admin\AppData\Local\Temp\4f9123159da69d1f04fe7d176e02ed0c.exe"
- Suspicious use of WriteProcessMemory
PID:3236
    C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 224
    - Program crash
    PID:3572
    C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 224
    - Program crash
    PID:2468
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 3236 -ip 3236
PID:5092