Analysis
- max time kernel: 140s
- max time network: 120s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 27-01-2024 19:22
Behavioral task: behavioral1
- Sample: 7b11edcd04a7e45556d14bd203eb8788.exe
- Resource: win7-20231215-en
- 4 signatures
- 150 seconds

Behavioral task: behavioral2
- Sample: 7b11edcd04a7e45556d14bd203eb8788.exe
- Resource: win10v2004-20231222-en
- 3 signatures
- 150 seconds
General
- Target: 7b11edcd04a7e45556d14bd203eb8788.exe
- Size: 62KB
- MD5: 7b11edcd04a7e45556d14bd203eb8788
- SHA1: 50885810389080a24b615ead3e19aa51dd3c22a4
- SHA256: fd885c10a6ee6c0c1b9d0b2acdd51a7e7b2f9562b1e3972aefa63a61c0dcd43a
- SHA512: 8ed6fdb5a4b7f05165d9da371085af94fea35e00b06613c7e8b87f61ef993c18289a0469c17461b8f1fac53efb7d618a78fd8d572a2e437e475184014c0ffe1c
- SSDEEP: 1536:iT8qDqQ8K9MK3tGvNwPZ6lIeXHWzl5NX3d:IqMyKdIIeXHWZh
- Score: 10/10
Malware Config
Signatures

- Detect XtremeRAT payload (1 IoC)
  resource | yara_rule
  behavioral1/memory/2088-0-0x0000000010000000-0x0000000010047000-memory.dmp | family_xtremerat

- XtremeRAT
  XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

- Program crash (1 IoC)
  pid | pid_target | Process | procid_target
  2112 | 2088 | WerFault.exe | 15

- Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | Process | procid_target
  PID 2088 wrote to memory of 2112 | 2088 | 7b11edcd04a7e45556d14bd203eb8788.exe | 28
  PID 2088 wrote to memory of 2112 | 2088 | 7b11edcd04a7e45556d14bd203eb8788.exe | 28
  PID 2088 wrote to memory of 2112 | 2088 | 7b11edcd04a7e45556d14bd203eb8788.exe | 28
  PID 2088 wrote to memory of 2112 | 2088 | 7b11edcd04a7e45556d14bd203eb8788.exe | 28
Processes

- C:\Users\Admin\AppData\Local\Temp\7b11edcd04a7e45556d14bd203eb8788.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\7b11edcd04a7e45556d14bd203eb8788.exe"
  - Suspicious use of WriteProcessMemory
  - PID: 2088

  - C:\Windows\SysWOW64\WerFault.exe (child of PID 2088)
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 160
    - Program crash
    - PID: 2112