Analysis
max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
submitted
27-02-2024 06:47
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
EA9E.exe
Resource
win7-20240221-en
3 signatures
150 seconds
General
Target
EA9E.exe
Size
5.0MB
MD5
0904e849f8483792ef67991619ece915
SHA1
58d04535efa58effb3c5ed53a2462aa96d676b79
SHA256
fca631b3198194fcc0c619b5690dbde2e9f38afb1b978bab8ea3f92b572ce1ef
SHA512
258fc59050aa455ad56167dd1bbe5e098eefc0f3e950c90d89bac2aa74abb5cfa1710d866c0e28e58dcb2f914736470a4dd9838dd6412b633aee87d71b867cf5
SSDEEP
98304:YpagNGsMccFm+UzQSYGUbVmmu16zerASsze/5CYOAVzSJP9c+:Ypa0GspcIlz9YvJkOekS9CYO0aP9c+
Score
3/10
Malware Config
Signatures
Program crash 1 IoCs
Processes:
WerFault.exe
pid     pid_target   process        target process
2744    2928         WerFault.exe   EA9E.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs
Processes:
EA9E.exe
pid     process
2928    EA9E.exe

Suspicious use of WriteProcessMemory 4 IoCs
Processes:
EA9E.exe
description                           pid     process    target process
PID 2928 wrote to memory of 2744      2928    EA9E.exe   WerFault.exe
PID 2928 wrote to memory of 2744      2928    EA9E.exe   WerFault.exe
PID 2928 wrote to memory of 2744      2928    EA9E.exe   WerFault.exe
PID 2928 wrote to memory of 2744      2928    EA9E.exe   WerFault.exe

Processes
1. C:\Users\Admin\AppData\Local\Temp\EA9E.exe
   "C:\Users\Admin\AppData\Local\Temp\EA9E.exe"
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious use of WriteProcessMemory
   PID: 2928
2. C:\Windows\SysWOW64\WerFault.exe
   C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 124
   - Program crash
   PID: 2744