Analysis
max time kernel: 118s
max time network: 124s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 23-04-2024 19:43
Static task
static1: 1 signature

Behavioral task
behavioral1: 4 signatures, 150 seconds
Sample: file.exe
Resource: win7-20240221-en (windows7-x64)
General
Target: file.exe
Size: 1.1MB
MD5: c7cb10eadcca31c88538f972fd657590
SHA1: 9b09cdc280601e63579ae2cb64d863a0419d971c
SHA256: fabac53ffc7381edddcaddca2c9b2d647dd30a2e66d62c3cca720349f1e66d4e
SHA512: 9d8efe2b42c5cc99fdc807a9b3d6628c39825b257aef9e81d4b9396b5d3b730307478c047764631fc6b646895c7e92052326dff6e1740fd2ba4eef7904224bd6
SSDEEP: 24576:f26YE2EStbC19xq1a9GeWTaaQgUkSMnHJa:fHp19xq1a9QQMHJa
Malware Config
Signatures

Detect Vidar Stealer (1 IoCs)
resource: behavioral1/memory/1084-0-0x0000000000310000-0x000000000042A000-memory.dmp
yara_rule: family_vidar_v7

Program crash (1 IoCs)
Processes: WerFault.exe
pid: 2248, pid_target: 1084, process: WerFault.exe, target process: file.exe

Suspicious use of WriteProcessMemory (4 IoCs)
Processes: file.exe
description: PID 1084 wrote to memory of 2248, pid: 1084, process: file.exe, target process: WerFault.exe
description: PID 1084 wrote to memory of 2248, pid: 1084, process: file.exe, target process: WerFault.exe
description: PID 1084 wrote to memory of 2248, pid: 1084, process: file.exe, target process: WerFault.exe
description: PID 1084 wrote to memory of 2248, pid: 1084, process: file.exe, target process: WerFault.exe
Downloads
memory/1084-0-0x0000000000310000-0x000000000042A000-memory.dmp
Filesize: 1.1MB