Analysis
max time kernel: 120s
max time network: 121s
platform: windows7_x64
resource: win7-20240220-en
resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
submitted: 28/02/2024, 17:30
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample: ac73a098fc0087786195da49233085df.exe
Resource: win7-20240220-en
2 signatures
150 seconds
General
Target: ac73a098fc0087786195da49233085df.exe
Size: 107KB
MD5: ac73a098fc0087786195da49233085df
SHA1: d3e97fa079bdee8db1b62dd9985328c77de8658f
SHA256: 26a3e1ab7bb8e247aa5c111171cd2ef7bc5cef6eac57b8cd1892bb46e3ede61b
SHA512: 8aad6af134c72f6166bf983b07994831e9b522d98cc3eff0d70c98ce476cb21d2c6e1d3320251bfcf399eb704eaf603c1342135eb1d01a089674f68b696b2218
SSDEEP: 3072:BOlMfxs5l0ecVmSK8IT5wKFxmwRDOU+SrO1azi:BUEsswStowQmwAUFrEazi
Score: 3/10
Malware Config
Signatures
Program crash (1 IoCs)
pid | pid_target | Process | procid_target
1284 | 2040 | WerFault.exe | 11
Suspicious use of WriteProcessMemory (4 IoCs)
description | pid | Process | procid_target
PID 2040 wrote to memory of 1284 | 2040 | ac73a098fc0087786195da49233085df.exe | 28
PID 2040 wrote to memory of 1284 | 2040 | ac73a098fc0087786195da49233085df.exe | 28
PID 2040 wrote to memory of 1284 | 2040 | ac73a098fc0087786195da49233085df.exe | 28
PID 2040 wrote to memory of 1284 | 2040 | ac73a098fc0087786195da49233085df.exe | 28
Processes
C:\Users\Admin\AppData\Local\Temp\ac73a098fc0087786195da49233085df.exe
  "C:\Users\Admin\AppData\Local\Temp\ac73a098fc0087786195da49233085df.exe"
  - Suspicious use of WriteProcessMemory
  PID: 2040
  C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 120
    - Program crash
    PID: 1284