Analysis
- max time kernel: 120s
- max time network: 120s
- platform: windows7_x64
- resource: win7-20231129-en
- resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
- submitted: 25-01-2024 16:55
Static task
- static1: 1 signatures
Behavioral task
- behavioral1: 2 signatures, 150 seconds
  Sample: 7505b6c041e5710d1c39be2ef25dba3a.exe
  Resource: win7-20231129-en (windows7-x64)
General
- Target: 7505b6c041e5710d1c39be2ef25dba3a.exe
- Size: 98KB
- MD5: 7505b6c041e5710d1c39be2ef25dba3a
- SHA1: 5537af95454be9cb14784f713004bdf8ba8e1d8e
- SHA256: 5ae4a8fa171ec1ad18ce7707b7cb5dc3cf5e7ab87742c31ea9515485f2c813d0
- SHA512: d13468af1bb562a85fb1eafd61313ade85df7426e89c98dd6eb8b43a5067a52dca9f80cbdc26fda49880c10eaf9702a4c43f80fd621a3c9125a765006939b41d
- SSDEEP: 1536:3V8hZ/lGSA3AsWG6qcTTSBJ8Ud9+zQVrBrpBjNIXbl5eY8bno0QzfbLaV:F8he3gbTiJ8UGQVrBfNaeYECzjLaV
Score
3/10
Malware Config
Signatures
- Program crash (1 IoCs)
  Processes: WerFault.exe
  pid    pid_target  process       target process
  2032   2960        WerFault.exe  7505b6c041e5710d1c39be2ef25dba3a.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  Processes: 7505b6c041e5710d1c39be2ef25dba3a.exe
  description                          pid    process                               target process
  PID 2960 wrote to memory of 2032     2960   7505b6c041e5710d1c39be2ef25dba3a.exe  WerFault.exe
  PID 2960 wrote to memory of 2032     2960   7505b6c041e5710d1c39be2ef25dba3a.exe  WerFault.exe
  PID 2960 wrote to memory of 2032     2960   7505b6c041e5710d1c39be2ef25dba3a.exe  WerFault.exe
  PID 2960 wrote to memory of 2032     2960   7505b6c041e5710d1c39be2ef25dba3a.exe  WerFault.exe
Processes
- "C:\Users\Admin\AppData\Local\Temp\7505b6c041e5710d1c39be2ef25dba3a.exe"
  PID:2960
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 92
    PID:2032
    - Program crash