Analysis
max time kernel: 140s
max time network: 122s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system
submitted: 25-01-2024 16:00
Static task: static1
1 signatures
Behavioral task: behavioral1
Sample: 74eac85a9ca9cf204db13572ce2b66de.exe
Resource: win7-20231215-en
windows7-x64
2 signatures
150 seconds
General
Target: 74eac85a9ca9cf204db13572ce2b66de.exe
Size: 1.2MB
MD5: 74eac85a9ca9cf204db13572ce2b66de
SHA1: 9d4e1e07d86f25a73a23bbc08ce845e35e974a9f
SHA256: 8823ba606460d8e04daab629ec4e3727ff48ee8424c96afd217b05682d8b7096
SHA512: e8e1d2b9e8a7dfa1f4f16620eb7ef37b8d13baa8bbfa971ebdde78fefb83f2b0c1e808a2e0661ce7367d96c93fc0ae26979e06b1fa9ff268fb3fb7196cf9714a
SSDEEP: 24576:mr2ASCt7vJQ+RhKNOIU54SgWOnvgvIgxNITJnAE/rt:mJvA5UaWOnvyNItAEp
Score: 3/10
Malware Config
Signatures
Program crash (1 IoCs)
Processes: WerFault.exe
pid | pid_target | process | target process
2364 | 2128 | WerFault.exe | 74eac85a9ca9cf204db13572ce2b66de.exe
Suspicious use of WriteProcessMemory (4 IoCs)
Processes: 74eac85a9ca9cf204db13572ce2b66de.exe
description | pid | process | target process
PID 2128 wrote to memory of 2364 | 2128 | 74eac85a9ca9cf204db13572ce2b66de.exe | WerFault.exe
PID 2128 wrote to memory of 2364 | 2128 | 74eac85a9ca9cf204db13572ce2b66de.exe | WerFault.exe
PID 2128 wrote to memory of 2364 | 2128 | 74eac85a9ca9cf204db13572ce2b66de.exe | WerFault.exe
PID 2128 wrote to memory of 2364 | 2128 | 74eac85a9ca9cf204db13572ce2b66de.exe | WerFault.exe
Processes
C:\Users\Admin\AppData\Local\Temp\74eac85a9ca9cf204db13572ce2b66de.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\74eac85a9ca9cf204db13572ce2b66de.exe"
  - Suspicious use of WriteProcessMemory
  PID: 2128
  C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 128
    - Program crash
    PID: 2364
Network
MITRE ATT&CK Matrix
Downloads
memory/2128-0-0x0000000010000000-0x0000000010098000-memory.dmp
Filesize: 608KB