Analysis
max time kernel: 120s
max time network: 126s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 22-05-2024 19:41
Behavioral task: behavioral1
Sample: 20240522fe889cd2f34fe13148212a22a3fc1883stop.exe
Resource: win7-20240508-en
2 signatures
150 seconds
Behavioral task: behavioral2
Sample: 20240522fe889cd2f34fe13148212a22a3fc1883stop.exe
Resource: win10v2004-20240426-en
1 signatures
150 seconds
General
Target: 20240522fe889cd2f34fe13148212a22a3fc1883stop.exe
Size: 1.1MB
MD5: fe889cd2f34fe13148212a22a3fc1883
SHA1: 649892537e3a5d78a5244c9ad61f850e8fff6ba3
SHA256: 2ba67bf523e36f049ca64aad113a3d8302c3ea5ed9857ed6c7633cd0fc067d42
SHA512: b52c6b6b5c090568362c77cf68e31bf96fe808124e66e24eb0c307c7ff32220d0ca02782cad9a2664f3a1b933d5efe03f648ca9ead997d2a12c071eaab871840
SSDEEP: 24576:ZBUIKn/vwOXGUXAjCymYZiVtElVIBT2roqnTSSxWeT/pRPOO8S7HUq7:F0dwAYZt6C31WeTBRPOhSzUq7
Score: 3/10
Malware Config
Signatures
Program crash (1 IoCs)
Processes: WerFault.exe
pid: 2052, pid_target: 3000, process: WerFault.exe, target process: 20240522fe889cd2f34fe13148212a22a3fc1883stop.exe
Suspicious use of WriteProcessMemory (4 IoCs)
Processes: 20240522fe889cd2f34fe13148212a22a3fc1883stop.exe
description: PID 3000 wrote to memory of 2052, pid: 3000, process: 20240522fe889cd2f34fe13148212a22a3fc1883stop.exe, target process: WerFault.exe
description: PID 3000 wrote to memory of 2052, pid: 3000, process: 20240522fe889cd2f34fe13148212a22a3fc1883stop.exe, target process: WerFault.exe
description: PID 3000 wrote to memory of 2052, pid: 3000, process: 20240522fe889cd2f34fe13148212a22a3fc1883stop.exe, target process: WerFault.exe
description: PID 3000 wrote to memory of 2052, pid: 3000, process: 20240522fe889cd2f34fe13148212a22a3fc1883stop.exe, target process: WerFault.exe
Processes
C:\Users\Admin\AppData\Local\Temp\20240522fe889cd2f34fe13148212a22a3fc1883stop.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\20240522fe889cd2f34fe13148212a22a3fc1883stop.exe"
- Suspicious use of WriteProcessMemory
PID: 3000
  C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 192
  - Program crash
  PID: 2052