Analysis
-
max time kernel
140s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64 arch:x86 image:win7-20231129-en locale:en-us os:windows7-x64 system -
submitted
18/05/2024, 21:10
Static task
static1
Behavioral task
behavioral1
Sample
4ba9e0105a080cbb9cb9b547479e3cbec5c52b8ca39e1939b9f210389a8653d2.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
4ba9e0105a080cbb9cb9b547479e3cbec5c52b8ca39e1939b9f210389a8653d2.exe
Resource
win10v2004-20240508-en
General
-
Target
4ba9e0105a080cbb9cb9b547479e3cbec5c52b8ca39e1939b9f210389a8653d2.exe
-
Size
894KB
-
MD5
2137a17d91c13590a302d25e0d54039a
-
SHA1
045c362c94ff15fc923f164a64639121e79b961b
-
SHA256
4ba9e0105a080cbb9cb9b547479e3cbec5c52b8ca39e1939b9f210389a8653d2
-
SHA512
af37a181d2fda473c73bc76ae3997e3dbb7e5a60d454803211be7a519aa8e513d8f45058191d123e21bc510397d0525f1f4b396d54d14423fffad543de2e529b
-
SSDEEP
24576:Fs4e9k02lMgvVO4Zl3SMgI58BcGg2cvGj81rQGX5:FSk24Zl3SMgGCcGg2cvGj81rQGX5
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target
2748 2368 WerFault.exe 27
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2368 wrote to memory of 2748 2368 4ba9e0105a080cbb9cb9b547479e3cbec5c52b8ca39e1939b9f210389a8653d2.exe 28
PID 2368 wrote to memory of 2748 2368 4ba9e0105a080cbb9cb9b547479e3cbec5c52b8ca39e1939b9f210389a8653d2.exe 28
PID 2368 wrote to memory of 2748 2368 4ba9e0105a080cbb9cb9b547479e3cbec5c52b8ca39e1939b9f210389a8653d2.exe 28
PID 2368 wrote to memory of 2748 2368 4ba9e0105a080cbb9cb9b547479e3cbec5c52b8ca39e1939b9f210389a8653d2.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\4ba9e0105a080cbb9cb9b547479e3cbec5c52b8ca39e1939b9f210389a8653d2.exe
"C:\Users\Admin\AppData\Local\Temp\4ba9e0105a080cbb9cb9b547479e3cbec5c52b8ca39e1939b9f210389a8653d2.exe" 1⤵
- Suspicious use of WriteProcessMemory
PID:2368 -
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 776 2⤵
- Program crash
PID:2748
-