Analysis
max time kernel: 119s
max time network: 122s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 01-02-2024 22:01

Static task: static1
1 signatures

Behavioral task: behavioral1
Sample: 87c5565fc7254623178c789e8623f2e1.exe
Resource: win7-20231215-en
2 signatures
150 seconds

Behavioral task: behavioral2
Sample: 87c5565fc7254623178c789e8623f2e1.exe
Resource: win10v2004-20231215-en
0 signatures
150 seconds

General
Target: 87c5565fc7254623178c789e8623f2e1.exe
Size: 12KB
MD5: 87c5565fc7254623178c789e8623f2e1
SHA1: 10bf7be7bac83ccfdabec0337785b058f84adc1c
SHA256: 0f94f064fc5fe9b38a51773a18c80b46b8a4a2e3efa0c26443ba3b3f544c79ae
SHA512: e4df7ae9d9926908199aec90c5fde97ba8a732e4f0672c96b6ae1c7df4d420d8418093e24500442a6a3f7304cc7f515cd9e7bebd2ae87f64cff5e64035e6486a
SSDEEP: 96:cYBGrFsMSnIDuNXRumwh8dYsIsOKLjyD090W71yQtQKQYQ:cKO6NuZhMBtYi57MQjQYQ
Score: 3/10

Malware Config

Signatures

Program crash 1 IoCs
Processes: WerFault.exe
pid   pid_target  process       target process
2632  1768        WerFault.exe  87c5565fc7254623178c789e8623f2e1.exe

Suspicious use of WriteProcessMemory 4 IoCs
Processes: 87c5565fc7254623178c789e8623f2e1.exe
description                       pid   process                               target process
PID 1768 wrote to memory of 2632  1768  87c5565fc7254623178c789e8623f2e1.exe  WerFault.exe
PID 1768 wrote to memory of 2632  1768  87c5565fc7254623178c789e8623f2e1.exe  WerFault.exe
PID 1768 wrote to memory of 2632  1768  87c5565fc7254623178c789e8623f2e1.exe  WerFault.exe
PID 1768 wrote to memory of 2632  1768  87c5565fc7254623178c789e8623f2e1.exe  WerFault.exe

Processes
C:\Users\Admin\AppData\Local\Temp\87c5565fc7254623178c789e8623f2e1.exe
  "C:\Users\Admin\AppData\Local\Temp\87c5565fc7254623178c789e8623f2e1.exe"
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 88
    - Program crash