Analysis

max time kernel: 118s
max time network: 122s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 26-02-2024 20:51

Static task
static1: 1 signature

Behavioral task
behavioral1
Sample: file.exe
Resource: win7-20240221-en
3 signatures, 150 seconds
General

Target: file.exe
Size: 297KB
MD5: 9263197aa58e0e5bce76cce8f6323a9c
SHA1: 06cf5f4f2c3b8a7cbf8064f15f4e6f988197470b
SHA256: ef798468db36b921f6c2830f5eb95c6e31b5e118f10a0aea9e944960cdf96a16
SHA512: cdf2f98ac3aa9efddb8908ce1101f429bb390617638d3fdd1ad698fa03727c183879d68a4a1ee8b15a12b1f7c840b8d6df1f6fb63a95ff2ce8d0e5a40bd77fab
SSDEEP: 6144://dNtBhpzn/dC8smHVw+mNhMeRrnFmUVe2ZJNbsj7bfDfsPjYSxXVo1V:/VzB7lfsm6zQSFWLDYpX
Score: 5/10
Malware Config

Signatures

Suspicious use of SetThreadContext (1 IoC)
Processes:
description                         | pid  | process  | target pid | target process
PID 1284 set thread context of 2916 | 1284 | file.exe | 2916       | RegAsm.exe

Program crash (1 IoC)
Processes:
pid  | process      | target pid | target process
2684 | WerFault.exe | 2916       | RegAsm.exe

Suspicious use of WriteProcessMemory (24 IoCs)
Processes:
description                      | pid  | process    | target pid | target process | occurrences
PID 1284 wrote to memory of 2032 | 1284 | file.exe   | 2032       | RegAsm.exe     | 7
PID 1284 wrote to memory of 2916 | 1284 | file.exe   | 2916       | RegAsm.exe     | 13
PID 2916 wrote to memory of 2684 | 2916 | RegAsm.exe | 2684       | WerFault.exe   | 4
Processes

1. C:\Users\Admin\AppData\Local\Temp\file.exe
   command line: "C:\Users\Admin\AppData\Local\Temp\file.exe"
   PID: 1284
   - Suspicious use of SetThreadContext
   - Suspicious use of WriteProcessMemory

   2. C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      command line: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
      PID: 2032

   2. C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      command line: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
      PID: 2916
      - Suspicious use of WriteProcessMemory

      3. C:\Windows\SysWOW64\WerFault.exe
         command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 260
         PID: 2684
         - Program crash
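The three signature tables above only become a verdict once they are correlated: file.exe (1284) spawns a signed .NET utility (RegAsm.exe), writes into it and then sets a thread context on the second instance (2916), which is the thread-hijack / process-hollowing pattern, and WerFault's "-p 2916" shows that injected instance crashed before doing anything else. Memory writes on their own are weak evidence, because a parent writing into a child it has just created is also what ordinary process creation looks like to a usermode hook; that is why the first RegAsm.exe (2032) and the RegAsm.exe -> WerFault.exe writes should not be rated the same way. The script below is an added example, not part of this report or of the sandbox's own tooling: it re-parses event rows in the shape the report uses (the rows and multiplicities are constructed here to mirror the report) and the WerFault command line, and rates each source/target pair. All function names are the example's own.

```python
"""Correlate flattened sandbox process events into a process-injection rating.

Added example; not the sandbox's code. Parses rows of the form
"PID <src> <action> <dst> <src> <src image> <dst image>" and WerFault
command lines, then rates each (source, target) pair.
"""
import re
from collections import defaultdict

# Constructed sample input mirroring the report's rows: 1 SetThreadContext
# IoC and 7 + 13 + 4 = 24 WriteProcessMemory IoCs.
EVENTS = (
    ["PID 1284 set thread context of 2916 1284 file.exe RegAsm.exe"]
    + ["PID 1284 wrote to memory of 2032 1284 file.exe RegAsm.exe"] * 7
    + ["PID 1284 wrote to memory of 2916 1284 file.exe RegAsm.exe"] * 13
    + ["PID 2916 wrote to memory of 2684 2916 RegAsm.exe WerFault.exe"] * 4
)
# Constructed: the WerFault command line from the report's process tree.
CRASH_CMDLINES = [r"C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 260"]

EVENT_RE = re.compile(
    r"^PID (?P<src>\d+) (?P<action>set thread context of|wrote to memory of) "
    r"(?P<dst>\d+) (?P=src) (?P<src_img>\S+) (?P<dst_img>\S+)$"
)
# WerFault's -p argument names the process it was launched for.
WERFAULT_RE = re.compile(r"WerFault\.exe\b.*\s-p\s+(?P<pid>\d+)")

ACTION_KEY = {"wrote to memory of": "writes", "set thread context of": "set_ctx"}


def parse_events(lines):
    """Turn report rows into (src_pid, src_img, action, dst_pid, dst_img) tuples.

    Rows that do not match the expected shape are skipped, not guessed at.
    """
    out = []
    for line in lines:
        m = EVENT_RE.match(line.strip())
        if m:
            out.append((int(m["src"]), m["src_img"], ACTION_KEY[m["action"]],
                        int(m["dst"]), m["dst_img"]))
    return out


def correlate(lines):
    """Per (source pid, target pid): image names plus a count of each action."""
    rel = defaultdict(lambda: {"writes": 0, "set_ctx": 0})
    for src, src_img, action, dst, dst_img in parse_events(lines):
        entry = rel[(src, dst)]
        entry["src_img"], entry["dst_img"] = src_img, dst_img
        entry[action] += 1
    return dict(rel)


def crashed_pids(cmdlines):
    """PIDs that WerFault was launched for (-p <pid>)."""
    pids = set()
    for cmd in cmdlines:
        m = WERFAULT_RE.search(cmd)
        if m:
            pids.add(int(m["pid"]))
    return pids


def verdict(lines, cmdlines):
    """Rate each (source, target) pair.

    'injection'  : the same source both wrote to the target and set a thread
                   context on it (thread-hijack / process-hollowing pattern).
    'writes_only': memory writes alone; a usermode hook also records these
                   for ordinary process creation, so this is weak on its own.
    'crashed' is True when a WerFault command line names the target PID.
    """
    crashed = crashed_pids(cmdlines)
    result = {}
    for (src, dst), e in correlate(lines).items():
        kind = "injection" if e["writes"] and e["set_ctx"] else "writes_only"
        result[(src, dst)] = {
            "source": f"{e['src_img']}({src})",
            "target": f"{e['dst_img']}({dst})",
            "writes": e["writes"],
            "set_ctx": e["set_ctx"],
            "kind": kind,
            "crashed": dst in crashed,
        }
    return result


if __name__ == "__main__":
    for pair, v in sorted(verdict(EVENTS, CRASH_CMDLINES).items()):
        print(pair, v)
```

Run against the constructed rows, the pair (1284, 2916) is the only one rated "injection" and it is also the only one marked crashed; (1284, 2032) and (2916, 2684) come out as "writes_only", which matches how a reviewer would read this report: one hollowing attempt that got as far as a thread-context swap and then died in WerFault.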