Analysis
max time kernel: 140s
max time network: 119s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 24-01-2024 21:52
Static task: static1
1 signatures

Behavioral task: behavioral1
Sample: 72f1a0d4e5bae1eb02c2351e3be55b1b.exe
Resource: win7-20231129-en, windows7-x64
2 signatures
150 seconds

Behavioral task: behavioral2
Sample: 72f1a0d4e5bae1eb02c2351e3be55b1b.exe
Resource: win10v2004-20231215-en, windows10-2004-x64
1 signatures
150 seconds
General
Target: 72f1a0d4e5bae1eb02c2351e3be55b1b.exe
Size: 67KB
MD5: 72f1a0d4e5bae1eb02c2351e3be55b1b
SHA1: 46a53e5baa2fcd355197e4cc5cca8adf51c0ca29
SHA256: 5e6a4c3eab332abd97e8c655c4af8d3c41ec67e44cd412881acc0e4a6f8c0da5
SHA512: cdd7a8be84d43a20bada970f69841bd10af8c7afa8dd5ba20034948d67246f881b4bafc48cfaf5b4c1ad25fb27c7d770d4be6e245d7247f8ac3f739fdd7872df
SSDEEP: 768:jSdIE6mCfD51bcgBH5T9Zztj7CzrWB7/dgSaijrOv74l3QDSHLne/3ilMYccKZ:Op0mg5Tf9u8Co2MldGYJKZ
Score: 3/10
Malware Config
Signatures

Program crash (1 IoCs)

| pid | pid_target | Process | procid_target |
| 2060 | 2224 | WerFault.exe | 1 |

Suspicious use of WriteProcessMemory (4 IoCs)

| description | pid | Process | procid_target |
| PID 2224 wrote to memory of 2060 | 2224 | 72f1a0d4e5bae1eb02c2351e3be55b1b.exe | 28 |
| PID 2224 wrote to memory of 2060 | 2224 | 72f1a0d4e5bae1eb02c2351e3be55b1b.exe | 28 |
| PID 2224 wrote to memory of 2060 | 2224 | 72f1a0d4e5bae1eb02c2351e3be55b1b.exe | 28 |
| PID 2224 wrote to memory of 2060 | 2224 | 72f1a0d4e5bae1eb02c2351e3be55b1b.exe | 28 |
Processes

C:\Users\Admin\AppData\Local\Temp\72f1a0d4e5bae1eb02c2351e3be55b1b.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\72f1a0d4e5bae1eb02c2351e3be55b1b.exe"
- Suspicious use of WriteProcessMemory
PID: 2224

C:\Windows\SysWOW64\WerFault.exe
Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 88
- Program crash
PID: 2060