Analysis
max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags
arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted
07-03-2024 01:43
Behavioral task
behavioral1
Sample
484c77e2fbbe44f0edf0eb59e77b1e5a.exe
Resource
win7-20240221-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
484c77e2fbbe44f0edf0eb59e77b1e5a.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
1 signatures
150 seconds
General
Target
484c77e2fbbe44f0edf0eb59e77b1e5a.exe
Size
8.1MB
MD5
484c77e2fbbe44f0edf0eb59e77b1e5a
SHA1
e65b59a40e6cc861e88d4ebae1a753bfc89b92d4
SHA256
474805ace0e25200cf213d31a90444070ebdc68ac80841f3bcb414af0566da33
SHA512
51c5349e0b52d1c8e02b93ab079be41275ff76a41b6b404972eb696869e4ad704b434a92d5c94bf153794c12e3454d58b04bc75615132570afadf2b76b167923
SSDEEP
98304:9iy+j3/y+SE5USLbS3kkM+b25Iz9CSPv2qmxqboYhtRFXSYweFsWxVTqPkuUXqKX:srj3KuC0WeqHbokvXoeFv3qcMm
Score
3/10
Malware Config
Signatures
Program crash 1 IoCs
Processes:
WerFault.exe
pid | pid_target | process | target process
2804 | 2756 | WerFault.exe | 484c77e2fbbe44f0edf0eb59e77b1e5a.exe
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
484c77e2fbbe44f0edf0eb59e77b1e5a.exe
description | pid | process | target process
PID 2756 wrote to memory of 2804 | 2756 | 484c77e2fbbe44f0edf0eb59e77b1e5a.exe | WerFault.exe
PID 2756 wrote to memory of 2804 | 2756 | 484c77e2fbbe44f0edf0eb59e77b1e5a.exe | WerFault.exe
PID 2756 wrote to memory of 2804 | 2756 | 484c77e2fbbe44f0edf0eb59e77b1e5a.exe | WerFault.exe
PID 2756 wrote to memory of 2804 | 2756 | 484c77e2fbbe44f0edf0eb59e77b1e5a.exe | WerFault.exe
Processes
C:\Users\Admin\AppData\Local\Temp\484c77e2fbbe44f0edf0eb59e77b1e5a.exe
"C:\Users\Admin\AppData\Local\Temp\484c77e2fbbe44f0edf0eb59e77b1e5a.exe"
- Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 36
  - Program crash