Analysis
max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags
arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system
submitted
25-01-2024 17:19
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
75134b548ab81fd2486c24d7a2f943fe.exe
Resource
win7-20231215-en
windows7-x64
2 signatures
150 seconds
General
Target
75134b548ab81fd2486c24d7a2f943fe.exe
Size
76KB
MD5
75134b548ab81fd2486c24d7a2f943fe
SHA1
7b876b31e8fec7807e8cf3cbac75b11c9196dcd1
SHA256
08fd0d4fe3da3e4a714d129ddee649757b5bddee7d67574e7c3b441e1cc1d435
SHA512
bfc5ebf577891ca074f46a778093d9789405f75a06860dfb1de06da43d7f0584a605cdd5e02cde79d8e11c0d3f30e654353258a7e28f258c9d7cb8f69229e6f0
SSDEEP
1536:NMMM7nCi2Sw3rBsxAP8iKZ3NzWvdEuUaAlmlGUOj2Q2Mt9WI56pjVrs2ryrd1vUZ:wCi2Sw3Fsxi81qEPJml0R56Hs2qo
Score
3/10
Malware Config
Signatures
Program crash 1 IoCs
Processes:
WerFault.exe
pid | pid_target | process | target process
2316 | 2336 | WerFault.exe | 75134b548ab81fd2486c24d7a2f943fe.exe
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
75134b548ab81fd2486c24d7a2f943fe.exe
description | pid | process | target process
PID 2336 wrote to memory of 2316 | 2336 | 75134b548ab81fd2486c24d7a2f943fe.exe | WerFault.exe
PID 2336 wrote to memory of 2316 | 2336 | 75134b548ab81fd2486c24d7a2f943fe.exe | WerFault.exe
PID 2336 wrote to memory of 2316 | 2336 | 75134b548ab81fd2486c24d7a2f943fe.exe | WerFault.exe
PID 2336 wrote to memory of 2316 | 2336 | 75134b548ab81fd2486c24d7a2f943fe.exe | WerFault.exe
Processes
C:\Users\Admin\AppData\Local\Temp\75134b548ab81fd2486c24d7a2f943fe.exe
"C:\Users\Admin\AppData\Local\Temp\75134b548ab81fd2486c24d7a2f943fe.exe"
- Suspicious use of WriteProcessMemory
PID:2336
  C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 36
  - Program crash
  PID:2316
Network
MITRE ATT&CK Matrix
Downloads
memory/2336-0-0x0000000000400000-0x0000000000425000-memory.dmp
Filesize
148KB