Analysis
max time kernel: 120s
max time network: 123s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 25-01-2024 17:38
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
751d0640c7ea3941f1383643e625a68c.exe
Resource
win7-20231215-en
2 signatures
150 seconds
General
Target: 751d0640c7ea3941f1383643e625a68c.exe
Size: 67KB
MD5: 751d0640c7ea3941f1383643e625a68c
SHA1: a6cd4324e40a53ddb6abdfaa4285bf8d8ac57495
SHA256: 9cf1f1ada931dc7c57a993d14266935e8f5514bbcf3d93608aa7671e5a6dfe25
SHA512: 67f63f8efbaaaed6949f3b6429b1eaebc5d7eb3cbf6426c6d478eecb58be1ca2f310ea2a8030e3405614fd5f816a7ed86e4eeefdfec23e712114d702b025eb45
SSDEEP: 1536:mawOnbNQKLjWDyy1oYRe0YMJUEbooPRrKKRl1P3:mYNQKPWDyORe0VJltZrpRl1P3
Score: 3/10
Malware Config
Signatures
Program crash (1 IoCs)
Processes: WerFault.exe
pid | pid_target | process | target process
1996 | 2044 | WerFault.exe | 751d0640c7ea3941f1383643e625a68c.exe
Suspicious use of WriteProcessMemory (4 IoCs)
Processes: 751d0640c7ea3941f1383643e625a68c.exe
description | pid | process | target process
PID 2044 wrote to memory of 1996 | 2044 | 751d0640c7ea3941f1383643e625a68c.exe | WerFault.exe
PID 2044 wrote to memory of 1996 | 2044 | 751d0640c7ea3941f1383643e625a68c.exe | WerFault.exe
PID 2044 wrote to memory of 1996 | 2044 | 751d0640c7ea3941f1383643e625a68c.exe | WerFault.exe
PID 2044 wrote to memory of 1996 | 2044 | 751d0640c7ea3941f1383643e625a68c.exe | WerFault.exe
Processes
C:\Users\Admin\AppData\Local\Temp\751d0640c7ea3941f1383643e625a68c.exe
  "C:\Users\Admin\AppData\Local\Temp\751d0640c7ea3941f1383643e625a68c.exe"
  - Suspicious use of WriteProcessMemory
  PID: 2044
  C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 160
    - Program crash
    PID: 1996