Analysis
max time kernel: 140s
max time network: 119s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 03-02-2024 05:39

Behavioral task behavioral1
Sample: 8b8906519296413ac4d4938c90f4e99d.exe
Resource: win7-20231215-en, windows7-x64
3 signatures, 150 seconds

Behavioral task behavioral2
Sample: 8b8906519296413ac4d4938c90f4e99d.exe
Resource: win10v2004-20231215-en, windows10-2004-x64
2 signatures, 150 seconds

General
Target: 8b8906519296413ac4d4938c90f4e99d.exe
Size: 19KB
MD5: 8b8906519296413ac4d4938c90f4e99d
SHA1: e67e33288b3074584848d5ee4bddd3e33da98d5c
SHA256: 7e1816a41a784973fd34d1e942ccbc4d6827945e773363f2dca941f7eb1f667b
SHA512: eed27d83a44181c6fcbfe85154a79c46e85f7a099df294bf8e74cd423bd5ffbe01132bbb8113cbf6a9d613803e962f749800f9884c77f2266fc6fe0aa39ca667
SSDEEP: 192:fuCOnAyG+Ak2O/bURNMc7wjElJUt61RbsVlrmskV/BHXrRrxYH7SjYeKckoxhFtV:fuCO0k2OzUJsoqSb6lQV57f29ckoxsK
Score: 7/10

Malware Config
Signatures
resource                                                                    yara_rule
behavioral1/memory/1752-0-0x0000000000400000-0x0000000000411000-memory.dmp  upx
behavioral1/memory/1752-1-0x0000000000400000-0x0000000000411000-memory.dmp  upx

Program crash (1 IoCs)
pid   pid_target  Process       procid_target
2544  1752        WerFault.exe  27

Suspicious use of WriteProcessMemory (4 IoCs)
description                       pid   Process                               procid_target
PID 1752 wrote to memory of 2544  1752  8b8906519296413ac4d4938c90f4e99d.exe  28
PID 1752 wrote to memory of 2544  1752  8b8906519296413ac4d4938c90f4e99d.exe  28
PID 1752 wrote to memory of 2544  1752  8b8906519296413ac4d4938c90f4e99d.exe  28
PID 1752 wrote to memory of 2544  1752  8b8906519296413ac4d4938c90f4e99d.exe  28

Processes
C:\Users\Admin\AppData\Local\Temp\8b8906519296413ac4d4938c90f4e99d.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\8b8906519296413ac4d4938c90f4e99d.exe"
  - Suspicious use of WriteProcessMemory
  PID: 1752
  C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 68
    - Program crash
    PID: 2544