Analysis
- max time kernel: 122s
- max time network: 125s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 25-01-2024 16:05
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
74ee64209260dca2a5916aaf9c59aba6.exe
Resource
win7-20231215-en
windows7-x64
2 signatures
150 seconds
General
- Target: 74ee64209260dca2a5916aaf9c59aba6.exe
- Size: 32KB
- MD5: 74ee64209260dca2a5916aaf9c59aba6
- SHA1: 2faa0afe20803139f1b3fc5df406cfdcb1a9d805
- SHA256: e3a7d2fc7c50bc2185eef6b2b9fc59c606f5be7b185e5c443d1d6345b094c480
- SHA512: 3286137911e47df266c9ebe0a5eaed1993a4114dc5c514e8883bae3f84377d2a7b60d1af9733ab32c7c4fbfdd4b497cbdbec99a381b8c2466f76e6bb3e2d4a40
- SSDEEP: 384:3dbzKqdmqn1cTG6n92xqU2kNZ8qJb579NOXIt9d59CTF5trKm:3tNd9aG6nEwJkUqJbV9Qe9d59M5tmm
Score
3/10
Malware Config
Signatures
- Program crash (1 IoCs)
  Processes: WerFault.exe
  - pid: 2220, pid_target: 2180, process: WerFault.exe, target process: 74ee64209260dca2a5916aaf9c59aba6.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  Processes: 74ee64209260dca2a5916aaf9c59aba6.exe
  - description: PID 2180 wrote to memory of 2220, pid: 2180, process: 74ee64209260dca2a5916aaf9c59aba6.exe, target process: WerFault.exe
  - description: PID 2180 wrote to memory of 2220, pid: 2180, process: 74ee64209260dca2a5916aaf9c59aba6.exe, target process: WerFault.exe
  - description: PID 2180 wrote to memory of 2220, pid: 2180, process: 74ee64209260dca2a5916aaf9c59aba6.exe, target process: WerFault.exe
  - description: PID 2180 wrote to memory of 2220, pid: 2180, process: 74ee64209260dca2a5916aaf9c59aba6.exe, target process: WerFault.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\74ee64209260dca2a5916aaf9c59aba6.exe (depth 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\74ee64209260dca2a5916aaf9c59aba6.exe"
  - Suspicious use of WriteProcessMemory
  PID: 2180
  - C:\Windows\SysWOW64\WerFault.exe (depth 2)
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 88
    - Program crash
    PID: 2220