Analysis
max time kernel: 121s
max time network: 123s
platform: windows7_x64
resource: win7-20240215-en
resource tags: arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
submitted: 22-02-2024 04:54
Static task
static1
Behavioral task
behavioral1
Sample
479342d62078aaf31881972c7574f6f2.exe
Resource
win7-20240215-en
3 signatures
150 seconds
General
Target: 479342d62078aaf31881972c7574f6f2.exe
Size: 5.6MB
MD5: 479342d62078aaf31881972c7574f6f2
SHA1: 382fa9a95746ca6199e7dfb9ae2bd035f4000fb4
SHA256: a6b59e0a275b5314935a3f812a5ba7dd5d5cc9524d3a6efdeb3a103eea386f6d
SHA512: 0e74e3e0b993968220e712ffd94a76c00d35f0452494d62b3f6780c80cc0cae2e9982978830c54bed3a57d17a5a84abbdc4c0cbb5961afcae785048ac4ac47da
SSDEEP: 98304:VtiVJmQPallXIjrii0nu3m2RwJhsyJExbHMLex0ATwhdgY4m9g7iVyfiC1ql0u7C:+nmEalSMnuJwJhsyCxbtOATwXvwFiCau
Score: 3/10
Malware Config
Signatures
Program crash (1 IoCs)
Processes:
pid: 2712; pid_target: 1288; Process: WerFault.exe; procid_target: 27
Suspicious behavior: EnumeratesProcesses (1 IoCs)
Processes:
pid: 1288; Process: 479342d62078aaf31881972c7574f6f2.exe
Suspicious use of WriteProcessMemory (4 IoCs)
Processes:
description: PID 1288 wrote to memory of 2712; pid: 1288; Process: 479342d62078aaf31881972c7574f6f2.exe; procid_target: 28
description: PID 1288 wrote to memory of 2712; pid: 1288; Process: 479342d62078aaf31881972c7574f6f2.exe; procid_target: 28
description: PID 1288 wrote to memory of 2712; pid: 1288; Process: 479342d62078aaf31881972c7574f6f2.exe; procid_target: 28
description: PID 1288 wrote to memory of 2712; pid: 1288; Process: 479342d62078aaf31881972c7574f6f2.exe; procid_target: 28
Processes
"C:\Users\Admin\AppData\Local\Temp\479342d62078aaf31881972c7574f6f2.exe"
PID:1288
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 128
  PID:2712
  - Program crash