Analysis
max time kernel: 140s
max time network: 119s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64 arch:x86 image:win7-20231129-en locale:en-us os:windows7-x64 system
submitted: 25-01-2024 16:07
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
74eee7d93dff2a85ab5dfea5ea2c55e3.exe
Resource
win7-20231129-en
windows7-x64
2 signatures
150 seconds
General
Target: 74eee7d93dff2a85ab5dfea5ea2c55e3.exe
Size: 47KB
MD5: 74eee7d93dff2a85ab5dfea5ea2c55e3
SHA1: 5fd2e75df24a729e4e4fe88c7d58ea845e04a630
SHA256: 37094757f1fd789719462114c2880344c555e7e432626e0a4aceab4bc2225d92
SHA512: 5e945a33b8e5cb80db72c6747346609d12482c1b3bb499d553d89e201e452a46e330434cc0db4a0aa71b18be3efc7cb9274ad50aff4a68840d0c4b249c17830c
SSDEEP: 768:s40TqJOddXy+D2IwxkANpq7l2Oq5BX0roTWJCM30z5uBNaycMKXvhkxX:hFiJbD2IwxHPDnkCdzaN3KAX
Score: 3/10
Malware Config
Signatures
Program crash 1 IoCs
Processes:
WerFault.exe
pid | pid_target | process | target process
1944 | 2964 | WerFault.exe | 74eee7d93dff2a85ab5dfea5ea2c55e3.exe
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
74eee7d93dff2a85ab5dfea5ea2c55e3.exe
description | pid | process | target process
PID 2964 wrote to memory of 1944 | 2964 | 74eee7d93dff2a85ab5dfea5ea2c55e3.exe | WerFault.exe
PID 2964 wrote to memory of 1944 | 2964 | 74eee7d93dff2a85ab5dfea5ea2c55e3.exe | WerFault.exe
PID 2964 wrote to memory of 1944 | 2964 | 74eee7d93dff2a85ab5dfea5ea2c55e3.exe | WerFault.exe
PID 2964 wrote to memory of 1944 | 2964 | 74eee7d93dff2a85ab5dfea5ea2c55e3.exe | WerFault.exe
Processes
C:\Users\Admin\AppData\Local\Temp\74eee7d93dff2a85ab5dfea5ea2c55e3.exe
"C:\Users\Admin\AppData\Local\Temp\74eee7d93dff2a85ab5dfea5ea2c55e3.exe"
- Suspicious use of WriteProcessMemory
PID:2964
    C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 148
    - Program crash
    PID:1944