Analysis
-
max time kernel
119s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system -
submitted
15/02/2024, 04:57
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
0180ff6061f280ac6c5a2bf84dde5f6ea4a056c7cbf14f796d48c62f2290fcfe.exe
Resource
win7-20231129-en
2 signatures
150 seconds
General
-
Target
0180ff6061f280ac6c5a2bf84dde5f6ea4a056c7cbf14f796d48c62f2290fcfe.exe
-
Size
48KB
-
MD5
1664885f055e52e20320abe1e2d6748d
-
SHA1
91c461e040f6c00437e8b703c39014f612a72508
-
SHA256
0180ff6061f280ac6c5a2bf84dde5f6ea4a056c7cbf14f796d48c62f2290fcfe
-
SHA512
4df548f7f5252c40951b538ef4bc0e7a77de29e5aad74e7cffb22be9c64d8f7b1b08beabb6ff03b7cd2cdecf2daccfb5a59b47c44ddfc4218a2b4879ea0afb42
-
SSDEEP
768:p+TeBcj6u6tJ6IBBc/gyOD6elCQ8DySUrPFS7Zw6KZsLbVNkidl:p+TeBct6y/gt22Q05T6KAVNn
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target 2204 1540 WerFault.exe 1 -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1540 wrote to memory of 2204 1540 0180ff6061f280ac6c5a2bf84dde5f6ea4a056c7cbf14f796d48c62f2290fcfe.exe 28 PID 1540 wrote to memory of 2204 1540 0180ff6061f280ac6c5a2bf84dde5f6ea4a056c7cbf14f796d48c62f2290fcfe.exe 28 PID 1540 wrote to memory of 2204 1540 0180ff6061f280ac6c5a2bf84dde5f6ea4a056c7cbf14f796d48c62f2290fcfe.exe 28 PID 1540 wrote to memory of 2204 1540 0180ff6061f280ac6c5a2bf84dde5f6ea4a056c7cbf14f796d48c62f2290fcfe.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\0180ff6061f280ac6c5a2bf84dde5f6ea4a056c7cbf14f796d48c62f2290fcfe.exe"C:\Users\Admin\AppData\Local\Temp\0180ff6061f280ac6c5a2bf84dde5f6ea4a056c7cbf14f796d48c62f2290fcfe.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1540 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 6482⤵
- Program crash
PID:2204
-