Analysis
- max time kernel: 120s
- max time network: 120s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
- submitted: 07-05-2024 22:47
Static task
static1
Behavioral task
behavioral1
Sample
4bf00732a644554a0bef0eb0fa080a182a63b52eda03dd8d4df8704feebf20d2.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
4bf00732a644554a0bef0eb0fa080a182a63b52eda03dd8d4df8704feebf20d2.exe
Resource
win10-20240404-en
General
- Target: 4bf00732a644554a0bef0eb0fa080a182a63b52eda03dd8d4df8704feebf20d2.exe
- Size: 490KB
- MD5: b09b19c780bfaa784ccf35dc454f9326
- SHA1: 0efc9a13e26c279bcf9d07bdb62f928f19860c7a
- SHA256: 4bf00732a644554a0bef0eb0fa080a182a63b52eda03dd8d4df8704feebf20d2
- SHA512: 862ba80daa00c9402db064a028dd20c79afdda5fa0d7211319f1b84831a2b62023bd2e6ddcbb0367feb1afbe3d3c835a2c745d38a4e6a1953fa140e6c694c8bd
- SSDEEP: 12288:aW5NIYF4bnCv2clgw4exVxfY/pTiQwBNhKHo:F7IY+wh4eQpTiQwDW
Malware Config
Signatures
- Program crash (1 IoCs)
  Processes: WerFault.exe
  pid | pid_target | process | target process
  2332 | 868 | WerFault.exe | 4bf00732a644554a0bef0eb0fa080a182a63b52eda03dd8d4df8704feebf20d2.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  Processes: 4bf00732a644554a0bef0eb0fa080a182a63b52eda03dd8d4df8704feebf20d2.exe
  description | pid | process | target process
  PID 868 wrote to memory of 2332 | 868 | 4bf00732a644554a0bef0eb0fa080a182a63b52eda03dd8d4df8704feebf20d2.exe | WerFault.exe
  PID 868 wrote to memory of 2332 | 868 | 4bf00732a644554a0bef0eb0fa080a182a63b52eda03dd8d4df8704feebf20d2.exe | WerFault.exe
  PID 868 wrote to memory of 2332 | 868 | 4bf00732a644554a0bef0eb0fa080a182a63b52eda03dd8d4df8704feebf20d2.exe | WerFault.exe
  PID 868 wrote to memory of 2332 | 868 | 4bf00732a644554a0bef0eb0fa080a182a63b52eda03dd8d4df8704feebf20d2.exe | WerFault.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\4bf00732a644554a0bef0eb0fa080a182a63b52eda03dd8d4df8704feebf20d2.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\4bf00732a644554a0bef0eb0fa080a182a63b52eda03dd8d4df8704feebf20d2.exe"
  PID: 868
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 868 -s 36
    PID: 2332
    - Program crash