Analysis
max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags
arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system
submitted
25-01-2024 16:27
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
74f79c0739738fd6ab5fdadf338e9c05.exe
Resource
win7-20231215-en
windows7-x64
2 signatures
150 seconds
General
Target
74f79c0739738fd6ab5fdadf338e9c05.exe
Size
342KB
MD5
74f79c0739738fd6ab5fdadf338e9c05
SHA1
cb307be3214651b48af2996f4c7e92d2ad4b0ade
SHA256
bdc8ab3532c34a49d44c54fda3c4bd69eda762f5095a7da7f0cfe3f1d2c22214
SHA512
ac9c175015074d37458ddffda4322952325e8f4ea3a18650da5f2346fedb3a5443d85ccb6e210fe1601e3861f1fff97a929797ba83e6c384e972b1c375f14ac6
SSDEEP
6144:2Q2SIkatx3Nw6vn5DBvQdJnyvpzdQgTghL1cTlE3u9s8CsjJygwz:2QzmiC5dILyYgIclAu9s8Csjg
Score
3/10
Malware Config
Signatures
Program crash 1 IoCs
Processes:
WerFault.exe
pid   pid_target  process       target process
2968  1896        WerFault.exe  74f79c0739738fd6ab5fdadf338e9c05.exe
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
74f79c0739738fd6ab5fdadf338e9c05.exe
description                       pid   process                               target process
PID 1896 wrote to memory of 2968  1896  74f79c0739738fd6ab5fdadf338e9c05.exe  WerFault.exe
PID 1896 wrote to memory of 2968  1896  74f79c0739738fd6ab5fdadf338e9c05.exe  WerFault.exe
PID 1896 wrote to memory of 2968  1896  74f79c0739738fd6ab5fdadf338e9c05.exe  WerFault.exe
PID 1896 wrote to memory of 2968  1896  74f79c0739738fd6ab5fdadf338e9c05.exe  WerFault.exe
Processes
C:\Users\Admin\AppData\Local\Temp\74f79c0739738fd6ab5fdadf338e9c05.exe
"C:\Users\Admin\AppData\Local\Temp\74f79c0739738fd6ab5fdadf338e9c05.exe"
- Suspicious use of WriteProcessMemory
PID:1896
    C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 64
    - Program crash
    PID:2968
Network
MITRE ATT&CK Matrix
Downloads
memory/1896-0-0x0000000000400000-0x0000000000428200-memory.dmp
Filesize
160KB