Analysis
-
max time kernel
118s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system -
submitted
03-02-2024 13:35
Behavioral task
behavioral1
Sample
ffa4c6e4c0ad7f90dbef6fafc142e824cbf17aacd2e86db41028f33a631a4984.exe
Resource
win7-20231215-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
ffa4c6e4c0ad7f90dbef6fafc142e824cbf17aacd2e86db41028f33a631a4984.exe
Resource
win10v2004-20231222-en
windows10-2004-x64
0 signatures
150 seconds
General
-
Target
ffa4c6e4c0ad7f90dbef6fafc142e824cbf17aacd2e86db41028f33a631a4984.exe
-
Size
1.5MB
-
MD5
d47b6e128cc5797062d81250aee93ba1
-
SHA1
0b91e05746b1b48f30e5f9d2d733584f02dd856b
-
SHA256
ffa4c6e4c0ad7f90dbef6fafc142e824cbf17aacd2e86db41028f33a631a4984
-
SHA512
eb4a944e390fbb2d2033915ecb975abbcf57b63d443eb58a1dcb1def6ae28a57e7c2766eb52eaa360fe7754dd63f297eba5780859abc6d57ace43f7254bbd8d6
-
SSDEEP
24576:sEWnbDqMa30NjOufUcsPOFDSVXT5X4fnlOXwMhDgiya:vMDha3YOuf7sPO6XT5X4lE1ki1
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 2452 wrote to memory of 2180 2452 ffa4c6e4c0ad7f90dbef6fafc142e824cbf17aacd2e86db41028f33a631a4984.exe 28 PID 2452 wrote to memory of 2180 2452 ffa4c6e4c0ad7f90dbef6fafc142e824cbf17aacd2e86db41028f33a631a4984.exe 28 PID 2452 wrote to memory of 2180 2452 ffa4c6e4c0ad7f90dbef6fafc142e824cbf17aacd2e86db41028f33a631a4984.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\ffa4c6e4c0ad7f90dbef6fafc142e824cbf17aacd2e86db41028f33a631a4984.exe"C:\Users\Admin\AppData\Local\Temp\ffa4c6e4c0ad7f90dbef6fafc142e824cbf17aacd2e86db41028f33a631a4984.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2452 -
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 2452 -s 1362⤵PID:2180
-