Analysis
max time kernel: 122s
max time network: 126s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 10/03/2024, 15:08

Static task
static1
1 signatures

Behavioral task
behavioral1
Sample: beebaa5e9bcf800d58a89bbc2b27d48e.exe
Resource: win7-20240221-en
2 signatures
150 seconds

Behavioral task
behavioral2
Sample: beebaa5e9bcf800d58a89bbc2b27d48e.exe
Resource: win10v2004-20240226-en
1 signatures
150 seconds

General
Target: beebaa5e9bcf800d58a89bbc2b27d48e.exe
Size: 4KB
MD5: beebaa5e9bcf800d58a89bbc2b27d48e
SHA1: aa1abc3e9864ea96230c5ffba12faabc0e13fe79
SHA256: e46ef70bfc8c60d04126ed120ad18231297a71b8d98f8b156a763d196d01f282
SHA512: 1b751a7ec563bcf8476ee8a99308d10a250c98f1e5646e439987ddf3ffdf447b1b2b12e8a73c58da89c15ddfcbe368b5914d6b66b93b75524f951970a41e08d9
SSDEEP: 48:SdnGByS49mPB4ffKBWBwQIZWbRV12pXdmDq5WwGh7883l5vCDlZklv:9XFhEpEWgpNo6Ww8xCpW
Score: 3/10
Malware Config
Signatures

Program crash (1 IoCs)
pid   pid_target  Process       procid_target
1588  1456        WerFault.exe  27

Suspicious use of WriteProcessMemory (4 IoCs)
description                       pid   Process                               procid_target
PID 1456 wrote to memory of 1588  1456  beebaa5e9bcf800d58a89bbc2b27d48e.exe  28
PID 1456 wrote to memory of 1588  1456  beebaa5e9bcf800d58a89bbc2b27d48e.exe  28
PID 1456 wrote to memory of 1588  1456  beebaa5e9bcf800d58a89bbc2b27d48e.exe  28
PID 1456 wrote to memory of 1588  1456  beebaa5e9bcf800d58a89bbc2b27d48e.exe  28

Processes
C:\Users\Admin\AppData\Local\Temp\beebaa5e9bcf800d58a89bbc2b27d48e.exe
  "C:\Users\Admin\AppData\Local\Temp\beebaa5e9bcf800d58a89bbc2b27d48e.exe"
  - Suspicious use of WriteProcessMemory
  PID: 1456
  C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 92
    - Program crash
    PID: 1588