Analysis
- max time kernel: 119s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system
- submitted: 19/01/2024, 13:46
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
67c572b4f57edb7258dfd2798900468e.exe
Resource
win7-20231215-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
67c572b4f57edb7258dfd2798900468e.exe
Resource
win10v2004-20231215-en
1 signatures
150 seconds
General
- Target: 67c572b4f57edb7258dfd2798900468e.exe
- Size: 132KB
- MD5: 67c572b4f57edb7258dfd2798900468e
- SHA1: 9f4b10a8636f97f0500b719e3168e5ab01c5a78f
- SHA256: 89ae728d57be25f06553edbe3e0a88ce4974490d12e1e77d96c1313613c8b276
- SHA512: 096ebe0ac7fff58354bd91a6a396731e2d1360fa95db168c88b3339b6f4365bbe0a5266cb93edd38546272a1ff7eceaaaf4599b29ba39ed735668c92b99ab05a
- SSDEEP: 3072:TSu9kFL86YnkNG8EBZV9cMfWpb8HWk2hFtWtdgtiF0t9e:TdkFLPG8ErLcMepbe3FtCtMUe
Score
3/10
Malware Config
Signatures
- Program crash (1 IoCs)
  pid   pid_target  Process       procid_target
  1700  2936        WerFault.exe  27
- Suspicious use of WriteProcessMemory (4 IoCs)
  description                            pid   Process                               procid_target
  PID 2936 wrote to memory of 1700       2936  67c572b4f57edb7258dfd2798900468e.exe  28
  PID 2936 wrote to memory of 1700       2936  67c572b4f57edb7258dfd2798900468e.exe  28
  PID 2936 wrote to memory of 1700       2936  67c572b4f57edb7258dfd2798900468e.exe  28
  PID 2936 wrote to memory of 1700       2936  67c572b4f57edb7258dfd2798900468e.exe  28
Processes
- C:\Users\Admin\AppData\Local\Temp\67c572b4f57edb7258dfd2798900468e.exe "C:\Users\Admin\AppData\Local\Temp\67c572b4f57edb7258dfd2798900468e.exe" 1⤵
  - Suspicious use of WriteProcessMemory
  PID:2936
- C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 362⤵
  - Program crash
  PID:1700