Analysis
max time kernel: 117s
max time network: 118s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 22-05-2024 07:22
Behavioral task: behavioral1
Sample: 2024-05-22_3cd70495c0d3ceeb8139d40387c62cb6_stop.exe
Resource: win7-20231129-en
2 signatures
150 seconds
Behavioral task: behavioral2
Sample: 2024-05-22_3cd70495c0d3ceeb8139d40387c62cb6_stop.exe
Resource: win10v2004-20240426-en
1 signatures
150 seconds
General
Target: 2024-05-22_3cd70495c0d3ceeb8139d40387c62cb6_stop.exe
Size: 1.1MB
MD5: 3cd70495c0d3ceeb8139d40387c62cb6
SHA1: 094acb85be7bc92bcb3e57d5371937f5a9fad8f8
SHA256: d204bc307ac8ba0ae9bfc38310ed5ff97c371610b034ba53bd48a0bc2f3f86cb
SHA512: 4678f64d5340a2e6535b6c7946ce6e90f5691e3b9a7dcac2f5196721d289691db2589f8c8eb07e387419c4d808b06e9f9cd319e772d861f41960a68ecbb02bea
SSDEEP: 24576:ZBUIKn/vwOXGUXAjCymYZiVtElVIBT2roqnTSSxWeT/qRPOO8rEHUq7:F0dwAYZt6C31WeTiRPOhrkUq7
Score: 3/10
Malware Config
Signatures
Program crash (1 IoCs)
Processes: WerFault.exe
pid: 2956, pid_target: 2884, process: WerFault.exe, target process: 2024-05-22_3cd70495c0d3ceeb8139d40387c62cb6_stop.exe
Suspicious use of WriteProcessMemory (4 IoCs)
Processes: 2024-05-22_3cd70495c0d3ceeb8139d40387c62cb6_stop.exe
description: PID 2884 wrote to memory of 2956, pid: 2884, process: 2024-05-22_3cd70495c0d3ceeb8139d40387c62cb6_stop.exe, target process: WerFault.exe
description: PID 2884 wrote to memory of 2956, pid: 2884, process: 2024-05-22_3cd70495c0d3ceeb8139d40387c62cb6_stop.exe, target process: WerFault.exe
description: PID 2884 wrote to memory of 2956, pid: 2884, process: 2024-05-22_3cd70495c0d3ceeb8139d40387c62cb6_stop.exe, target process: WerFault.exe
description: PID 2884 wrote to memory of 2956, pid: 2884, process: 2024-05-22_3cd70495c0d3ceeb8139d40387c62cb6_stop.exe, target process: WerFault.exe
Processes
C:\Users\Admin\AppData\Local\Temp\2024-05-22_3cd70495c0d3ceeb8139d40387c62cb6_stop.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\2024-05-22_3cd70495c0d3ceeb8139d40387c62cb6_stop.exe"
  - Suspicious use of WriteProcessMemory
  PID: 2884
  C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 192
    - Program crash
    PID: 2956