Analysis
-
max time kernel
120s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
22-02-2024 05:43
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
2666313476c89dd173b3f45ba544de734644a5f3584b8a6c918176d0a61f698e.exe
Resource
win7-20240221-en
2 signatures
150 seconds
General
-
Target
2666313476c89dd173b3f45ba544de734644a5f3584b8a6c918176d0a61f698e.exe
-
Size
7.5MB
-
MD5
326bb55042949472ab9a787a48d4ad64
-
SHA1
e38d33295bfd38dfaa7b2ca77ce893eae50905b4
-
SHA256
2666313476c89dd173b3f45ba544de734644a5f3584b8a6c918176d0a61f698e
-
SHA512
6d11f8ee8470c70cb6cea582bf25252af530bb4925f8025bd66c0749156a90521a09ac4154d25a1cc6622ffaf7153192c3e30248d464de7bcceda418febb1340
-
SSDEEP
98304:CPdHE9A6+FSzKN3s1fdUyElINeeZie00dUPl/tnmOmRqf+Rw:QWqS+N3s1fdUcNem9MNQrOI
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exe
pid | pid_target | Process | procid_target
2512 | 1680 | WerFault.exe | 27
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
2666313476c89dd173b3f45ba544de734644a5f3584b8a6c918176d0a61f698e.exe
description | pid | Process | procid_target
PID 1680 wrote to memory of 2512 | 1680 | 2666313476c89dd173b3f45ba544de734644a5f3584b8a6c918176d0a61f698e.exe | 28
PID 1680 wrote to memory of 2512 | 1680 | 2666313476c89dd173b3f45ba544de734644a5f3584b8a6c918176d0a61f698e.exe | 28
PID 1680 wrote to memory of 2512 | 1680 | 2666313476c89dd173b3f45ba544de734644a5f3584b8a6c918176d0a61f698e.exe | 28
PID 1680 wrote to memory of 2512 | 1680 | 2666313476c89dd173b3f45ba544de734644a5f3584b8a6c918176d0a61f698e.exe | 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\2666313476c89dd173b3f45ba544de734644a5f3584b8a6c918176d0a61f698e.exe
"C:\Users\Admin\AppData\Local\Temp\2666313476c89dd173b3f45ba544de734644a5f3584b8a6c918176d0a61f698e.exe" 1⤵
- Suspicious use of WriteProcessMemory
PID:1680 -
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 592 2⤵
- Program crash
PID:2512
-