Analysis
-
max time kernel
119s -
max time network
130s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system -
submitted
14-01-2024 03:35
Behavioral task
behavioral1
Sample
5a2b1ad3d3c828f03da52e4b0749c341.exe
Resource
win7-20231215-en
3 signatures
150 seconds
General
-
Target
5a2b1ad3d3c828f03da52e4b0749c341.exe
-
Size
28.0MB
-
MD5
5a2b1ad3d3c828f03da52e4b0749c341
-
SHA1
9b658b5595b547a488208aceed71726a25e9e1e5
-
SHA256
c2b88dcf9ac7f6dc3d41e1e4c2f2376886ae60c456d5e4ff51049edc39046dd4
-
SHA512
8bab42d5597ba0a17f479e203265b19e85b948851611a4734dd1ea7498934c1908a6f04d427e15e9e22d6f24db98772e9d3d68809e8cfa9f039a0f5fde5084fa
-
SSDEEP
393216:IjazfFNKd6Q1m3ihIHi2xKAJUz2O6y94ruE3t1c8cTNjcy0Zh275H3P6I43ZpBWK:IubFK2q2xzxZpVdExoaVSI4rBF
Malware Config
Signatures
-
Program crash 1 IoCs
pid   pid_target  Process       procid_target
2740  2176        WerFault.exe  27
-
Suspicious use of WriteProcessMemory 4 IoCs
description                       pid   Process                               procid_target
PID 2176 wrote to memory of 2740  2176  5a2b1ad3d3c828f03da52e4b0749c341.exe  28
PID 2176 wrote to memory of 2740  2176  5a2b1ad3d3c828f03da52e4b0749c341.exe  28
PID 2176 wrote to memory of 2740  2176  5a2b1ad3d3c828f03da52e4b0749c341.exe  28
PID 2176 wrote to memory of 2740  2176  5a2b1ad3d3c828f03da52e4b0749c341.exe  28
Processes
-
C:\Users\Admin\AppData\Local\Temp\5a2b1ad3d3c828f03da52e4b0749c341.exe
"C:\Users\Admin\AppData\Local\Temp\5a2b1ad3d3c828f03da52e4b0749c341.exe"
(process tree depth 1)
- Suspicious use of WriteProcessMemory
PID:2176 -
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 800
(process tree depth 2)
- Program crash
PID:2740
-