Analysis
max time kernel: 120s
max time network: 121s
platform: windows7_x64
resource: win7-20240220-en
resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
submitted: 25-04-2024 02:07
Static task: static1
Behavioral task: behavioral1
  Sample: 70b933e76310295d4f74af8a60e3295561858d649366a3ae967c512e10427c73.exe
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: 70b933e76310295d4f74af8a60e3295561858d649366a3ae967c512e10427c73.exe
  Resource: win10v2004-20240226-en
General
Target: 70b933e76310295d4f74af8a60e3295561858d649366a3ae967c512e10427c73.exe
Size: 7.2MB
MD5: c5ccf171be0afa6d9a1092bac9cb0b96
SHA1: 5a2fdbda3acb7a52152bc1472871f09d3624b2a1
SHA256: 70b933e76310295d4f74af8a60e3295561858d649366a3ae967c512e10427c73
SHA512: 748c36c8bedfa471b02ead81e0cb7b20e0b11f4b8d84360e8f72215b069ec8191e8ddbfa80d61ecbac404a0bc68d73be145013e44e581d1c5268782b1c87f7b2
SSDEEP: 98304:B7//YITF8r2n8TevxbFKVlXk34tZ+t4+aNG5Lhd+2G4Op0cN+hmdYkvsFLL6:B7//1xBVqvG5dQ2m0cN+hmdYkvsFLL6
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 2280 wrote to memory of 2872 | 2280 | 70b933e76310295d4f74af8a60e3295561858d649366a3ae967c512e10427c73.exe | 28
PID 2280 wrote to memory of 2872 | 2280 | 70b933e76310295d4f74af8a60e3295561858d649366a3ae967c512e10427c73.exe | 28
PID 2280 wrote to memory of 2872 | 2280 | 70b933e76310295d4f74af8a60e3295561858d649366a3ae967c512e10427c73.exe | 28
Processes
C:\Users\Admin\AppData\Local\Temp\70b933e76310295d4f74af8a60e3295561858d649366a3ae967c512e10427c73.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\70b933e76310295d4f74af8a60e3295561858d649366a3ae967c512e10427c73.exe"
  PID: 2280
  Suspicious use of WriteProcessMemory
  C:\Windows\system32\WerFault.exe
    command line: C:\Windows\system32\WerFault.exe -u -p 2280 -s 636
    PID: 2872