Analysis
max time kernel
141s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags
arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted
25-01-2024 16:50
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
7502e41c6ab7dbbbdf0c781244ac5e22.exe
Resource
win7-20231215-en
windows7-x64
2 signatures
150 seconds
General
Target
7502e41c6ab7dbbbdf0c781244ac5e22.exe
Size
55KB
MD5
7502e41c6ab7dbbbdf0c781244ac5e22
SHA1
797af75102cdd619301cf0919b8931eb7fed48da
SHA256
e0e80f760892e1a26da2ee8f073b1f8c7c36229f13f97f8bc7cee8f43805bae9
SHA512
8267b2a12b8bc834407e25a767af9f55963fceab688a518abda5db6274cd65b0c7a270f475f46d4ef10f786cf50efb6905de0bd931a711a768cfcba8ee2d9871
SSDEEP
768:0dkTIx9+V34C0daSpzrLbt42iL0ffIZTrN5bQnmqkzcbAZZk8vZQ/1H58fZXdnhg:0dkTMaIC0USp3LbDOUtkziAZZkqZqo
Score
3/10
Malware Config
Signatures
Program crash (1 IoCs)
Processes: WerFault.exe

| pid | pid_target | process | target process |
| --- | --- | --- | --- |
| 1988 | 1276 | WerFault.exe | 7502e41c6ab7dbbbdf0c781244ac5e22.exe |

Suspicious use of WriteProcessMemory (4 IoCs)
Processes: 7502e41c6ab7dbbbdf0c781244ac5e22.exe

| description | pid | process | target process |
| --- | --- | --- | --- |
| PID 1276 wrote to memory of 1988 | 1276 | 7502e41c6ab7dbbbdf0c781244ac5e22.exe | WerFault.exe |
| PID 1276 wrote to memory of 1988 | 1276 | 7502e41c6ab7dbbbdf0c781244ac5e22.exe | WerFault.exe |
| PID 1276 wrote to memory of 1988 | 1276 | 7502e41c6ab7dbbbdf0c781244ac5e22.exe | WerFault.exe |
| PID 1276 wrote to memory of 1988 | 1276 | 7502e41c6ab7dbbbdf0c781244ac5e22.exe | WerFault.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\7502e41c6ab7dbbbdf0c781244ac5e22.exe
"C:\Users\Admin\AppData\Local\Temp\7502e41c6ab7dbbbdf0c781244ac5e22.exe"
- Suspicious use of WriteProcessMemory
PID:1276
    C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 140
    - Program crash
    PID:1988
Network
MITRE ATT&CK Matrix
Downloads
memory/1276-0-0x0000000000400000-0x0000000000433000-memory.dmp
Filesize
204KB