Analysis
max time kernel: 140s
max time network: 124s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 19/03/2024, 12:13
Static task
static1
Signatures: 1

Behavioral task
behavioral1
Sample: d6154725fbd3747d5684bcca2d4683e7.exe
Resource: win7-20240221-en
Signatures: 2
Duration: 150 seconds

Behavioral task
behavioral2
Sample: d6154725fbd3747d5684bcca2d4683e7.exe
Resource: win10v2004-20240226-en
Signatures: 1
Duration: 150 seconds
General
Target: d6154725fbd3747d5684bcca2d4683e7.exe
Size: 28KB
MD5: d6154725fbd3747d5684bcca2d4683e7
SHA1: 3aca8fa54567084adc880ca19de6482ecb84b334
SHA256: 280c406869a339aa3e4e8aa54742af9ecb0de2cf0784907a17f8ba032a9ebf13
SHA512: 9acaec5a6cfdecb0a03920c7c908605e99d9c4dd5b1cd7bdbfe34c02fd81eed0c5bf7a5cd65f4c58a71d429aa88d218a9a517393e9d855df3c2ecde7a7ff2d6a
SSDEEP: 768:7Exue5lZFoEb5eSpnqKtq/aZQneOE6oxb:0uMlZCALBt9g7E6oh
Score: 3/10
Malware Config
Signatures
Program crash (1 IoCs)
pid    pid_target    Process         procid_target
2176   2600          WerFault.exe    27

Suspicious use of WriteProcessMemory (4 IoCs)
description                         pid    Process                                 procid_target
PID 2600 wrote to memory of 2176    2600   d6154725fbd3747d5684bcca2d4683e7.exe    28
PID 2600 wrote to memory of 2176    2600   d6154725fbd3747d5684bcca2d4683e7.exe    28
PID 2600 wrote to memory of 2176    2600   d6154725fbd3747d5684bcca2d4683e7.exe    28
PID 2600 wrote to memory of 2176    2600   d6154725fbd3747d5684bcca2d4683e7.exe    28
Processes
C:\Users\Admin\AppData\Local\Temp\d6154725fbd3747d5684bcca2d4683e7.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\d6154725fbd3747d5684bcca2d4683e7.exe"
- Suspicious use of WriteProcessMemory
PID: 2600

C:\Windows\SysWOW64\WerFault.exe
Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 36
- Program crash
PID: 2176