Analysis
max time kernel: 122s
max time network: 126s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 25-01-2024 17:32
Static task
static1: 1 signatures
Behavioral task
behavioral1
Sample: 751a964546f61ebb759a2a3fe1bb299a.exe
Resource: win7-20231215-en (windows7-x64)
2 signatures
150 seconds
General
Target: 751a964546f61ebb759a2a3fe1bb299a.exe
Size: 112KB
MD5: 751a964546f61ebb759a2a3fe1bb299a
SHA1: 88edc8738a26a9d36c0b25f85756d2ee26ed6ee7
SHA256: a18af41a925eef5f801a3adfedc8ded3a81b4177ca661797315f8a02a1bd018a
SHA512: e4e2261e1a02f848d5569daa4edf13e6185aa47fcdce661e6c55f675bac1d9b1ab828c8bbc8d8218849509dc1cfaca0daa79596929585a568b3cff2c3fd3ceee
SSDEEP: 1536:ozF8e0I06ZW0rh1QFJnba6mAzeT/ldQbFXdprhyzOYaIeAsZHzU0ofwye5l9iHdW:ne07srbkba+zeDQRyb4ZTU0of0lc9iz
Score: 3/10
Malware Config
Signatures

Program crash (1 IoCs)
Processes: WerFault.exe
pid | pid_target | process | target process
2008 | 2060 | WerFault.exe | 751a964546f61ebb759a2a3fe1bb299a.exe

Suspicious use of WriteProcessMemory (4 IoCs)
Processes: 751a964546f61ebb759a2a3fe1bb299a.exe
description | pid | process | target process
PID 2060 wrote to memory of 2008 | 2060 | 751a964546f61ebb759a2a3fe1bb299a.exe | WerFault.exe
PID 2060 wrote to memory of 2008 | 2060 | 751a964546f61ebb759a2a3fe1bb299a.exe | WerFault.exe
PID 2060 wrote to memory of 2008 | 2060 | 751a964546f61ebb759a2a3fe1bb299a.exe | WerFault.exe
PID 2060 wrote to memory of 2008 | 2060 | 751a964546f61ebb759a2a3fe1bb299a.exe | WerFault.exe
Processes
C:\Users\Admin\AppData\Local\Temp\751a964546f61ebb759a2a3fe1bb299a.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\751a964546f61ebb759a2a3fe1bb299a.exe"
  PID: 2060
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 36
    PID: 2008
    - Program crash