Analysis
- max time kernel: 121s
- max time network: 125s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 16-03-2024 13:55
Static task static1
- 1 signatures
Behavioral task behavioral1
- Sample: ce38101a3995438a891466d6a0fb9df7.exe
- Resource: win7-20240221-en, windows7-x64
- 2 signatures
- 150 seconds
Behavioral task behavioral2
- Sample: ce38101a3995438a891466d6a0fb9df7.exe
- Resource: win10v2004-20240226-en, windows10-2004-x64
- 1 signatures
- 150 seconds
General
- Target: ce38101a3995438a891466d6a0fb9df7.exe
- Size: 72KB
- MD5: ce38101a3995438a891466d6a0fb9df7
- SHA1: 37d2fca6758de8c587b30c1c8c50b980adf36d67
- SHA256: dc9711f0ba291c0aef495f9dfab6707108a49968c8ef33a826c55e231aeb03ee
- SHA512: 847bc8d7b021a372c45e16f50bed4086bfc2f9a03c30966e0deb263bb4835afdf03c0076308d1ff18b929fb96ea86eaaf1526ab55886e570acbc8f4afa892713
- SSDEEP: 1536:XTD1L+BLRY0hPrJFhqOiX+c3lOxPAlP6:jD1ynY0hTJFAbXjVOKF6
Score: 3/10
Malware Config
Signatures
Program crash 1 IoCs
Processes: WerFault.exe
- pid: 2336; pid_target: 1244; process: WerFault.exe; target process: ce38101a3995438a891466d6a0fb9df7.exe
Suspicious use of WriteProcessMemory 4 IoCs
Processes: ce38101a3995438a891466d6a0fb9df7.exe
- description: PID 1244 wrote to memory of 2336; pid: 1244; process: ce38101a3995438a891466d6a0fb9df7.exe; target process: WerFault.exe
- description: PID 1244 wrote to memory of 2336; pid: 1244; process: ce38101a3995438a891466d6a0fb9df7.exe; target process: WerFault.exe
- description: PID 1244 wrote to memory of 2336; pid: 1244; process: ce38101a3995438a891466d6a0fb9df7.exe; target process: WerFault.exe
- description: PID 1244 wrote to memory of 2336; pid: 1244; process: ce38101a3995438a891466d6a0fb9df7.exe; target process: WerFault.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\ce38101a3995438a891466d6a0fb9df7.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\ce38101a3995438a891466d6a0fb9df7.exe"
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1244 -s 92
    - Program crash