Analysis
max time kernel: 118s
max time network: 127s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 29-02-2024 09:57

Behavioral task: behavioral1
Sample: 8ff3cee3eb06229dd932256e10e67431.exe
Resource: win7-20240221-en
4 signatures
150 seconds
General
Target: 8ff3cee3eb06229dd932256e10e67431.exe
Size: 5.5MB
MD5: 8ff3cee3eb06229dd932256e10e67431
SHA1: 6e8b5ce52148cccdc9570ff67e059f48c90fccfa
SHA256: 65d4936f68f29cb7730436fcbf987aa2ee7a5c3a9d2a45f40fd2cb7e37e81640
SHA512: 72ef16a155df452e912d82474a947a652a2570022bb4a65ad5a124d26b01130790a35d33920cffe7e9db758d5ebc5f39d2b9e8ebd8def69925fa96d94e0c0449
SSDEEP: 98304:SXtuV2KxgKn2OkNuQXwWDctUcFygm34BnwChAKW44QH:0uVXxgi2vcQgLueAKa
Score: 7/10
Malware Config
Signatures
Processes:
resource                                                                    yara_rule
behavioral1/memory/1292-2-0x00000000001D0000-0x0000000000AB9000-memory.dmp   vmprotect
behavioral1/memory/1292-5-0x00000000001D0000-0x0000000000AB9000-memory.dmp   vmprotect
behavioral1/memory/1292-12-0x00000000001D0000-0x0000000000AB9000-memory.dmp  vmprotect
Program crash 1 IoCs
Processes:
pid   pid_target  Process       procid_target
2936  1292        WerFault.exe  20
Suspicious behavior: EnumeratesProcesses 1 IoCs
Processes:
pid   Process
1292  8ff3cee3eb06229dd932256e10e67431.exe
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
description                          pid   Process                               procid_target
PID 1292 wrote to memory of 2936     1292  8ff3cee3eb06229dd932256e10e67431.exe  28
PID 1292 wrote to memory of 2936     1292  8ff3cee3eb06229dd932256e10e67431.exe  28
PID 1292 wrote to memory of 2936     1292  8ff3cee3eb06229dd932256e10e67431.exe  28
PID 1292 wrote to memory of 2936     1292  8ff3cee3eb06229dd932256e10e67431.exe  28
Processes
1. C:\Users\Admin\AppData\Local\Temp\8ff3cee3eb06229dd932256e10e67431.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\8ff3cee3eb06229dd932256e10e67431.exe"
   PID: 1292
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1292 -s 124
      PID: 2936
      - Program crash