Analysis
- max time kernel: 118s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 13/01/2024, 22:40
Static task: static1
- 1 signatures
Behavioral task: behavioral1
- Sample: 5998cfcd2303c474a99e163cd75a1ed4.exe
- Resource: win7-20231215-en
- 2 signatures
- 150 seconds
Behavioral task: behavioral2
- Sample: 5998cfcd2303c474a99e163cd75a1ed4.exe
- Resource: win10v2004-20231222-en
- 1 signatures
- 150 seconds
General
- Target: 5998cfcd2303c474a99e163cd75a1ed4.exe
- Size: 151KB
- MD5: 5998cfcd2303c474a99e163cd75a1ed4
- SHA1: b61b5286677e1ad33ae02b3fbc48981755f841c1
- SHA256: 22e0bd245ae5ee2e2f0de26c8e8c97af071a0cac37e7b47ac5480ba3a235ee88
- SHA512: 3a7f5ebaf27d02821e4f3ef2518a9e6381a9778af91cc8eaf5a9bfce8368b3a1fe0716db45c917478eddbb3a6c5813d591d81994b4512b445b1c0fab13e744d3
- SSDEEP: 1536:zYk9QVLpuCCxNzQqlsvwe6nvcf3zvPCfkM8u+RJMvw83q7VoagHi:39QVLCbs41nmjSfcpHMI8a7Voa
Score: 3/10
Malware Config
Signatures
Program crash 1 IoCs
  pid   pid_target  Process       procid_target
  2508  2652        WerFault.exe  27
Suspicious use of WriteProcessMemory 4 IoCs
  description                       pid   Process                               procid_target
  PID 2652 wrote to memory of 2508  2652  5998cfcd2303c474a99e163cd75a1ed4.exe  28
  PID 2652 wrote to memory of 2508  2652  5998cfcd2303c474a99e163cd75a1ed4.exe  28
  PID 2652 wrote to memory of 2508  2652  5998cfcd2303c474a99e163cd75a1ed4.exe  28
  PID 2652 wrote to memory of 2508  2652  5998cfcd2303c474a99e163cd75a1ed4.exe  28
Processes
C:\Users\Admin\AppData\Local\Temp\5998cfcd2303c474a99e163cd75a1ed4.exe
"C:\Users\Admin\AppData\Local\Temp\5998cfcd2303c474a99e163cd75a1ed4.exe"
- Suspicious use of WriteProcessMemory
- PID: 2652
  C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 36
  - Program crash
  - PID: 2508