Analysis
max time kernel: 140s
max time network: 121s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 27/03/2024, 01:52

Static task
static1
1 signatures

Behavioral task
behavioral1
Sample: e07ceb5807b100b9df862420f3c6a04f.exe
Resource: win7-20240221-en
2 signatures
150 seconds

Behavioral task
behavioral2
Sample: e07ceb5807b100b9df862420f3c6a04f.exe
Resource: win10v2004-20240226-en
3 signatures
150 seconds

General
Target: e07ceb5807b100b9df862420f3c6a04f.exe
Size: 48KB
MD5: e07ceb5807b100b9df862420f3c6a04f
SHA1: 450562a6b931a9143f640ce200f9733b3104392c
SHA256: 974ed13b6dfc392b598cf9aeb8fb4362f87c119344fdaf30b2e1e75af55e2976
SHA512: 57e3dff45cb692cb2bd6fb4d181d22a9e485a4a506e991ebbb5897e9660d752bcd48c6a4e981db2ac44fc7e3570247eef922205c1248357378589fb131cfb4de
SSDEEP: 768:UmO14SkQTctV5h8OBxr4NdM7cRyp3Rs/kkWPAW4S3aU60UGJyKTKgR8ORF37oK3i:5c4Z0OBB4NCARMs/k1cNGJthRhRF376f
Score: 3/10
Malware Config
Signatures

Program crash: 1 IoCs

| pid | pid_target | Process | procid_target |
| --- | --- | --- | --- |
| 2836 | 2684 | WerFault.exe | 27 |

Suspicious use of WriteProcessMemory: 4 IoCs

| description | pid | Process | procid_target |
| --- | --- | --- | --- |
| PID 2684 wrote to memory of 2836 | 2684 | e07ceb5807b100b9df862420f3c6a04f.exe | 28 |
| PID 2684 wrote to memory of 2836 | 2684 | e07ceb5807b100b9df862420f3c6a04f.exe | 28 |
| PID 2684 wrote to memory of 2836 | 2684 | e07ceb5807b100b9df862420f3c6a04f.exe | 28 |
| PID 2684 wrote to memory of 2836 | 2684 | e07ceb5807b100b9df862420f3c6a04f.exe | 28 |

Processes
- C:\Users\Admin\AppData\Local\Temp\e07ceb5807b100b9df862420f3c6a04f.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\e07ceb5807b100b9df862420f3c6a04f.exe"
  Suspicious use of WriteProcessMemory
  PID: 2684
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 88
    Program crash
    PID: 2836