Analysis
- max time kernel: 121s
- max time network: 127s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
- submitted: 24-02-2024 23:46
Static task: static1
Behavioral task: behavioral1
- Sample: SoftWare.exe
- Resource: win7-20240221-en
- 3 signatures
- 150 seconds
General
- Target: SoftWare.exe
- Size: 317KB
- MD5: 715ce74cd987a5ac7f5dbc789e4511cb
- SHA1: 14ce91cd5b398d141c9ad53d8a5bd7ffee8cede3
- SHA256: 77cdd1d711ff6f068a60d15b058b66311eab2b0bf09eb86b4f66fe9007e66126
- SHA512: 1f274040704c266ab68e45077d296c077839ddf474d08f43e8debebf5d4cd472dab9a802858f0331f081ca9d037433336b833dd7ff8027cc198f639c3c13eea8
- SSDEEP: 6144:DBvk1y/RWNrZCV9QzoOr6iYZVSQXfku+CawXNijlVmGnLuzx:1vl/RWNrZw98MVPXfkuz0WGLU
Score: 5/10
Malware Config
Signatures
- Suspicious use of SetThreadContext (1 IoCs)
  Processes: SoftWare.exe
  description | pid | process | target process
  PID 1312 set thread context of 3032 | 1312 | SoftWare.exe | RegAsm.exe
- Program crash (1 IoCs)
  Processes: WerFault.exe
  pid | pid_target | process | target process
  2632 | 3032 | WerFault.exe | RegAsm.exe
- Suspicious use of WriteProcessMemory (17 IoCs)
  Processes: SoftWare.exe, RegAsm.exe
  description | pid | process | target process
  PID 1312 wrote to memory of 3032 | 1312 | SoftWare.exe | RegAsm.exe
  PID 1312 wrote to memory of 3032 | 1312 | SoftWare.exe | RegAsm.exe
  PID 1312 wrote to memory of 3032 | 1312 | SoftWare.exe | RegAsm.exe
  PID 1312 wrote to memory of 3032 | 1312 | SoftWare.exe | RegAsm.exe
  PID 1312 wrote to memory of 3032 | 1312 | SoftWare.exe | RegAsm.exe
  PID 1312 wrote to memory of 3032 | 1312 | SoftWare.exe | RegAsm.exe
  PID 1312 wrote to memory of 3032 | 1312 | SoftWare.exe | RegAsm.exe
  PID 1312 wrote to memory of 3032 | 1312 | SoftWare.exe | RegAsm.exe
  PID 1312 wrote to memory of 3032 | 1312 | SoftWare.exe | RegAsm.exe
  PID 1312 wrote to memory of 3032 | 1312 | SoftWare.exe | RegAsm.exe
  PID 1312 wrote to memory of 3032 | 1312 | SoftWare.exe | RegAsm.exe
  PID 1312 wrote to memory of 3032 | 1312 | SoftWare.exe | RegAsm.exe
  PID 1312 wrote to memory of 3032 | 1312 | SoftWare.exe | RegAsm.exe
  PID 3032 wrote to memory of 2632 | 3032 | RegAsm.exe | WerFault.exe
  PID 3032 wrote to memory of 2632 | 3032 | RegAsm.exe | WerFault.exe
  PID 3032 wrote to memory of 2632 | 3032 | RegAsm.exe | WerFault.exe
  PID 3032 wrote to memory of 2632 | 3032 | RegAsm.exe | WerFault.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\SoftWare.exe
  "C:\Users\Admin\AppData\Local\Temp\SoftWare.exe"
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:1312
  - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
    - Suspicious use of WriteProcessMemory
    PID:3032
    - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 260
      - Program crash
      PID:2632