Analysis
max time kernel: 140s
max time network: 121s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 29/02/2024, 07:06
Behavioral task: behavioral1
Sample: adf9edfb64a39411235b79e85010e278.exe
Resource: win7-20240221-en
2 signatures
150 seconds
Behavioral task: behavioral2
Sample: adf9edfb64a39411235b79e85010e278.exe
Resource: win10v2004-20240226-en
1 signatures
150 seconds
General
Target: adf9edfb64a39411235b79e85010e278.exe
Size: 73KB
MD5: adf9edfb64a39411235b79e85010e278
SHA1: 1e9a32879dda087bcaaef1d7d07e75a574bb6197
SHA256: 8185eaca839b5ff49a6475051437f9f17ccf3d89f0a5365ef88c8d7b1239e959
SHA512: 493f79510d16f7df4994349e4658c89cb1810a6faf025529df264061f8ac7db36ab0e07aa508ce712d0e50e28b217460d39734bcd88169f780d840963db9cbb2
SSDEEP: 1536:kCxKOBJyypgmDzV2NSQ85GdSu62Cnts1LxgUKL:/nyypmMGdSu51eUKL
Score: 3/10
Malware Config
Signatures
Program crash 1 IoCs
pid    pid_target    Process         procid_target
2432   2200          WerFault.exe    27
Suspicious use of WriteProcessMemory 4 IoCs
description                         pid    Process                                 procid_target
PID 2200 wrote to memory of 2432    2200   adf9edfb64a39411235b79e85010e278.exe    28
PID 2200 wrote to memory of 2432    2200   adf9edfb64a39411235b79e85010e278.exe    28
PID 2200 wrote to memory of 2432    2200   adf9edfb64a39411235b79e85010e278.exe    28
PID 2200 wrote to memory of 2432    2200   adf9edfb64a39411235b79e85010e278.exe    28
Processes
C:\Users\Admin\AppData\Local\Temp\adf9edfb64a39411235b79e85010e278.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\adf9edfb64a39411235b79e85010e278.exe"
  - Suspicious use of WriteProcessMemory
  PID: 2200
  C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 88
    - Program crash
    PID: 2432