Analysis
-
max time kernel
118s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system -
submitted
25-01-2024 16:55
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
7506471489bd04b3b3c34c1e57aeb245.exe
Resource
win7-20231129-en
windows7-x64
2 signatures
150 seconds
General
-
Target
7506471489bd04b3b3c34c1e57aeb245.exe
-
Size
92KB
-
MD5
7506471489bd04b3b3c34c1e57aeb245
-
SHA1
7903cb757236b006040a43bf41c6269bf056c886
-
SHA256
a1e514874a578e2076da82569e7f9403aed5e785d77077c42ae17ba191d422f8
-
SHA512
32971a4cdbc9c7c6d0d3cc2e5722b6621ecf2448b46f0e19d514cfbd727e3e64134450c57409660941a8c71a3869fd3be247bd079d0d7c0b3e3b43d4878212a9
-
SSDEEP
1536:Addr6vitpd0ouXECzfNVq8H/dFrVGohbNLdvONW4U+8m+6XRiAots4F+Ju50P:2dr6aXdIECbu8HF5Vth5vbf8RiRv+JpP
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exe
pid: 2348, pid_target: 2332, process: WerFault.exe, target process: 7506471489bd04b3b3c34c1e57aeb245.exe
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
7506471489bd04b3b3c34c1e57aeb245.exe
PID 2332 wrote to memory of 2348 (pid: 2332, process: 7506471489bd04b3b3c34c1e57aeb245.exe, target process: WerFault.exe)
PID 2332 wrote to memory of 2348 (pid: 2332, process: 7506471489bd04b3b3c34c1e57aeb245.exe, target process: WerFault.exe)
PID 2332 wrote to memory of 2348 (pid: 2332, process: 7506471489bd04b3b3c34c1e57aeb245.exe, target process: WerFault.exe)
PID 2332 wrote to memory of 2348 (pid: 2332, process: 7506471489bd04b3b3c34c1e57aeb245.exe, target process: WerFault.exe)
Processes
-
C:\Users\Admin\AppData\Local\Temp\7506471489bd04b3b3c34c1e57aeb245.exe
"C:\Users\Admin\AppData\Local\Temp\7506471489bd04b3b3c34c1e57aeb245.exe"
- Suspicious use of WriteProcessMemory
PID:2332
  C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 88
  - Program crash
  PID:2348
Network
MITRE ATT&CK Matrix
Downloads
-
memory/2332-0-0x0000000001BE0000-0x0000000001CB7000-memory.dmp
Filesize
860KB