Analysis
max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240508-en
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system
submitted
22-05-2024 18:10
Behavioral task
behavioral1
Sample
20240522d248ec99923cd5cff34de14796f8201bstop.exe
Resource
win7-20240508-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
20240522d248ec99923cd5cff34de14796f8201bstop.exe
Resource
win10v2004-20240426-en
1 signatures
150 seconds
General
Target
20240522d248ec99923cd5cff34de14796f8201bstop.exe
Size
1.1MB
MD5
d248ec99923cd5cff34de14796f8201b
SHA1
d75d669dfda113163449350313d6ebe0f7c48f3c
SHA256
467d7ac0d5e883c09d328274b5a76fc3d37568a5f41172cad51fa73af3abfcf4
SHA512
2203e9b3d8d687ed7615383b890f566070ab7ed36f018cfb94777eae4c9d5d0c82afe25e7bd0559fb7535ea1eac5ee01935becd9225d9d3d51efc41503d232da
SSDEEP
24576:ZBUIKn/vwOXGUXAjCymYZiVtElVIBT2roqnTSSxWeT/XRPOO8SGHUq7:F0dwAYZt6C31WeTPRPOhSSUq7
Score
3/10
Malware Config
Signatures
Program crash 1 IoCs
Processes:
WerFault.exe
pid   pid_target   process   target process
1512   616   WerFault.exe   20240522d248ec99923cd5cff34de14796f8201bstop.exe
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
20240522d248ec99923cd5cff34de14796f8201bstop.exe
description   pid   process   target process
PID 616 wrote to memory of 1512   616   20240522d248ec99923cd5cff34de14796f8201bstop.exe   WerFault.exe
PID 616 wrote to memory of 1512   616   20240522d248ec99923cd5cff34de14796f8201bstop.exe   WerFault.exe
PID 616 wrote to memory of 1512   616   20240522d248ec99923cd5cff34de14796f8201bstop.exe   WerFault.exe
PID 616 wrote to memory of 1512   616   20240522d248ec99923cd5cff34de14796f8201bstop.exe   WerFault.exe
Processes
C:\Users\Admin\AppData\Local\Temp\20240522d248ec99923cd5cff34de14796f8201bstop.exe
"C:\Users\Admin\AppData\Local\Temp\20240522d248ec99923cd5cff34de14796f8201bstop.exe"
- Suspicious use of WriteProcessMemory
PID:616
  C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 616 -s 196
  - Program crash
  PID:1512