Analysis
max time kernel: 117s
max time network: 122s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 06-03-2024 13:23
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
b780411de03c4cac56248048b62ab7cd.exe
Resource
win7-20240221-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
b780411de03c4cac56248048b62ab7cd.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
1 signatures
150 seconds
General
Target: b780411de03c4cac56248048b62ab7cd.exe
Size: 2.0MB
MD5: b780411de03c4cac56248048b62ab7cd
SHA1: c6b8807011dd39adeb1761d29a5b7cdb4d747023
SHA256: 1b70f6d07c3a83cb316926360b53cc752e6afc2863ad28e8bacb031b15edc4f5
SHA512: ad4ce64217c7dbc16884132c57898f490037389cfc0c57ea4f408a70320586f009a94b82fb7b2a522bec55e664f493abfb86aa18c4a07dc3ae59b5baaf27ac8b
SSDEEP: 49152:kdNYoYW4IETrsgUvu9N8ivdKDhA+WsPP6QmUTftIsSj7BuH:qYVrsk9N8ivyhAdsPSQx2Bu
Score
3/10
Malware Config
Signatures
Program crash: 1 IoCs
pid     pid_target   Process        procid_target
2116    1760         WerFault.exe   27
Suspicious use of WriteProcessMemory: 4 IoCs
description                           pid    Process                                 procid_target
PID 1760 wrote to memory of 2116      1760   b780411de03c4cac56248048b62ab7cd.exe    28
PID 1760 wrote to memory of 2116      1760   b780411de03c4cac56248048b62ab7cd.exe    28
PID 1760 wrote to memory of 2116      1760   b780411de03c4cac56248048b62ab7cd.exe    28
PID 1760 wrote to memory of 2116      1760   b780411de03c4cac56248048b62ab7cd.exe    28
Processes
C:\Users\Admin\AppData\Local\Temp\b780411de03c4cac56248048b62ab7cd.exe
  "C:\Users\Admin\AppData\Local\Temp\b780411de03c4cac56248048b62ab7cd.exe"
  - Suspicious use of WriteProcessMemory
  PID: 1760
  C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 548
    - Program crash
    PID: 2116