Analysis
-
max time kernel
119s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
27-02-2024 15:59
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
spoofer.exe
Resource
win7-20240221-en
2 signatures
150 seconds
General
-
Target
spoofer.exe
-
Size
482KB
-
MD5
e1f4c125e7ec9e784198518ade924a40
-
SHA1
717430c9b87a1a51e784e4ce319661cd62faba1e
-
SHA256
ecd94d7862164f3dcc80267eac225e7d59d3e19c8d9819b7fe2027bd7cfea75a
-
SHA512
b8133c3d95be21fdf1f17446edea87ec1e36dea91690801847527a0989312606c7ea878183ea1896d7983ff08a7469d2c77be87140e93dcc60edeab08f568875
-
SSDEEP
12288:LxM0y+A7alDpZuRO+tYCStlSs3hLJeBKq:O0y+AWZu6CStlSChLJeBn
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 2940 2872 WerFault.exe spoofer.exe -
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
spoofer.exedescription pid process target process PID 2872 wrote to memory of 2940 2872 spoofer.exe WerFault.exe PID 2872 wrote to memory of 2940 2872 spoofer.exe WerFault.exe PID 2872 wrote to memory of 2940 2872 spoofer.exe WerFault.exe PID 2872 wrote to memory of 2940 2872 spoofer.exe WerFault.exe