Analysis
max time kernel: 122s
max time network: 126s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 14/01/2024, 01:28
Static task: static1
1 signatures

Behavioral task: behavioral1
Sample: 59eab4961e3424f1f9c263a533f92f31.exe
Resource: win7-20231215-en
2 signatures
150 seconds

Behavioral task: behavioral2
Sample: 59eab4961e3424f1f9c263a533f92f31.exe
Resource: win10v2004-20231215-en
1 signatures
150 seconds

General
Target: 59eab4961e3424f1f9c263a533f92f31.exe
Size: 416KB
MD5: 59eab4961e3424f1f9c263a533f92f31
SHA1: 1ab0bf58bd887e4190943ecae0025659b23f67d9
SHA256: e31fea169d7931948b5b444418bf375a47043235c1c7d74212f049963b85cd97
SHA512: f7585f64268ba21be8fd1c61b6ffa5dd9bf006f437702188e2fc6c9e25eb185c55782e92634e373ac3474267916eb33e87d335ce36fc4514aaaf7981b530bd50
SSDEEP: 6144:z5+D7gBPTc/bSUkWb0/N+hKBdCPQHNB91QJptQfZK6:MKICWbMtB1WYh
Score: 3/10

Malware Config

Signatures

Program crash (1 IoCs)
pid | pid_target | Process | procid_target
3028 | 2980 | WerFault.exe | 27

Suspicious use of WriteProcessMemory (4 IoCs)
description | pid | Process | procid_target
PID 2980 wrote to memory of 3028 | 2980 | 59eab4961e3424f1f9c263a533f92f31.exe | 28
PID 2980 wrote to memory of 3028 | 2980 | 59eab4961e3424f1f9c263a533f92f31.exe | 28
PID 2980 wrote to memory of 3028 | 2980 | 59eab4961e3424f1f9c263a533f92f31.exe | 28
PID 2980 wrote to memory of 3028 | 2980 | 59eab4961e3424f1f9c263a533f92f31.exe | 28

Processes

1. C:\Users\Admin\AppData\Local\Temp\59eab4961e3424f1f9c263a533f92f31.exe
   "C:\Users\Admin\AppData\Local\Temp\59eab4961e3424f1f9c263a533f92f31.exe"
   - Suspicious use of WriteProcessMemory
   PID: 2980

2. C:\Windows\SysWOW64\WerFault.exe
   C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 144
   - Program crash
   PID: 3028