Analysis
-
max time kernel
118s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
22-02-2024 02:24
Static task
static1
Behavioral task
behavioral1
Sample
9a25ab8bdaa157c47a64fc2b0a1e443a.exe
Resource
win7-20240221-en
2 signatures
150 seconds
General
-
Target
9a25ab8bdaa157c47a64fc2b0a1e443a.exe
-
Size
432KB
-
MD5
9a25ab8bdaa157c47a64fc2b0a1e443a
-
SHA1
c96cc57a7bfeaf3415005965974ad721ffebdbbe
-
SHA256
14123370ea7689a1be3d067a5a53c96c47aaf2573714a08b65a25369a7523517
-
SHA512
010a8f22d17a7b17afc70c9ed12ca9a532108e99d1f3fb0dc59a0339473395aaf87781d83a14aff4bce751d4b2417f1d0edf16b6afe186ff9c325100058fed41
-
SSDEEP
12288:yh1Fk70Tnvjc2VlQeYvNdJ5rIHrtrwM/22w:8k70Trc2V96NdcHrtm5
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exe
pid pid_target Process procid_target
2532 1972 WerFault.exe 6
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
9a25ab8bdaa157c47a64fc2b0a1e443a.exe
description pid Process procid_target
PID 1972 wrote to memory of 2532 1972 9a25ab8bdaa157c47a64fc2b0a1e443a.exe 29
PID 1972 wrote to memory of 2532 1972 9a25ab8bdaa157c47a64fc2b0a1e443a.exe 29
PID 1972 wrote to memory of 2532 1972 9a25ab8bdaa157c47a64fc2b0a1e443a.exe 29
PID 1972 wrote to memory of 2532 1972 9a25ab8bdaa157c47a64fc2b0a1e443a.exe 29
Processes
-
C:\Users\Admin\AppData\Local\Temp\9a25ab8bdaa157c47a64fc2b0a1e443a.exe
"C:\Users\Admin\AppData\Local\Temp\9a25ab8bdaa157c47a64fc2b0a1e443a.exe" 1⤵
- Suspicious use of WriteProcessMemory
PID:1972 -
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 528 2⤵
- Program crash
PID:2532
-