Analysis

max time kernel: 122s
max time network: 127s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 25-02-2024 23:00

Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20240221-en
3 signatures, 150 seconds
General

Target: file.exe
Size: 317KB
MD5: 5352e846611bdf4ad7482d7a64445190
SHA1: 5d44de3ee7144a7a3566f362d277c29dee41594f
SHA256: 90cc438e254ee84a0362aaab2d05ca61022c2a9d855651831ea9331bdf4a54f7
SHA512: 120e2e381e0347fb2990d74622f2448dd88d2e27db49d18b79e17fd18604c1096f9adead0f8b5fbf35615a9829da0812dd6919a00473eee38d7227335988b3ea
SSDEEP: 6144:v58T0cNW9wInNW0jIyV16HTqU7ruGr3OUik7/SVYmzK:veIcNWztUqgv7hGk7/Id+
Score: 5/10
Malware Config

Signatures

Suspicious use of SetThreadContext (1 IoC)
Processes:
  description              pid   process   target PID  target process
  set thread context of    2196  file.exe  2908        RegAsm.exe

Program crash (1 IoC)
Processes:
  pid   pid_target  process       target process
  2572  2908        WerFault.exe  RegAsm.exe

Suspicious use of WriteProcessMemory (17 IoCs; identical rows collapsed, count shown)
Processes:
  description          pid   process     target PID  target process  count
  wrote to memory of   2196  file.exe    2908        RegAsm.exe      13
  wrote to memory of   2908  RegAsm.exe  2572        WerFault.exe    4
Processes

1. C:\Users\Admin\AppData\Local\Temp\file.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\file.exe"
   PID: 2196
   - Suspicious use of SetThreadContext
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      Command line: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
      PID: 2908
      - Suspicious use of WriteProcessMemory
      3. C:\Windows\SysWOW64\WerFault.exe
         Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 260
         PID: 2572
         - Program crash