Analysis
max time kernel: 118s
max time network: 118s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 25-01-2024 17:03
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
750ab0801973805e02ed57af432e121b.exe
Resource
win7-20231215-en
windows7-x64
2 signatures
150 seconds
General
Target: 750ab0801973805e02ed57af432e121b.exe
Size: 60KB
MD5: 750ab0801973805e02ed57af432e121b
SHA1: 6bb5827d2063c5c2261f1bebd225dc559edaf89b
SHA256: 2cde0bb963e183d21347c2caaa235b41f4da3457746056fa7dc46a9f2962c6a5
SHA512: 8aca52a1e434f1e80b19dfec44de5b9eaa6575b96e623483a8372488d07ab88aba29da9c85e2368ec6e64d2601378e9860062160d36927192856d127f78d011a
SSDEEP: 1536:UAU15FUw+2MpVy0AhFXvEuPEtrLKtyfX9bH4:y33MpVmX5ILKtyFY
Score: 3/10
Malware Config
Signatures
Program crash 1 IoCs
Processes:
WerFault.exe
  pid: 2316, pid_target: 2264, process: WerFault.exe, target process: 750ab0801973805e02ed57af432e121b.exe
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
750ab0801973805e02ed57af432e121b.exe
  description: PID 2264 wrote to memory of 2316, pid: 2264, process: 750ab0801973805e02ed57af432e121b.exe, target process: WerFault.exe
  description: PID 2264 wrote to memory of 2316, pid: 2264, process: 750ab0801973805e02ed57af432e121b.exe, target process: WerFault.exe
  description: PID 2264 wrote to memory of 2316, pid: 2264, process: 750ab0801973805e02ed57af432e121b.exe, target process: WerFault.exe
  description: PID 2264 wrote to memory of 2316, pid: 2264, process: 750ab0801973805e02ed57af432e121b.exe, target process: WerFault.exe
Processes
C:\Users\Admin\AppData\Local\Temp\750ab0801973805e02ed57af432e121b.exe "C:\Users\Admin\AppData\Local\Temp\750ab0801973805e02ed57af432e121b.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2264
C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 922⤵
- Program crash
PID:2316