Analysis
-
max time kernel
140s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
24-05-2024 05:32
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
913c99449a29c2640d36b0d5fdf69289.exe
Resource
win7-20240508-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
913c99449a29c2640d36b0d5fdf69289.exe
Resource
win10v2004-20240426-en
windows10-2004-x64
5 signatures
150 seconds
General
-
Target
913c99449a29c2640d36b0d5fdf69289.exe
-
Size
1.3MB
-
MD5
913c99449a29c2640d36b0d5fdf69289
-
SHA1
858971f52ab45dc8be5f2c43da9b0c25ba398435
-
SHA256
39475882127fd9789d9c23444153a4a4841f3ffbb34ffabb0c540e6e9d76d034
-
SHA512
b35a9a28d01a948455da4d078d9f9d1aacb5e9fff5c8359b4278400e29296c75ff96554ae6cc8cd4f53d1db8525d43927c87b793e3fb2e72549d944fd62a6d96
-
SSDEEP
24576:AP+g7Wy3xfMZKdcKtTjbJ4HEEEEEEEEEEEEEEEEEEEETKKKKKKKKKKKKKKKKKKK7:A/iy3g6TjbsEEEEEEEEEEEEEEEEEEEE+
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exe
pid | pid_target | process | target process
2620 | 1580 | WerFault.exe | 913c99449a29c2640d36b0d5fdf69289.exe
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
913c99449a29c2640d36b0d5fdf69289.exe
description | pid | process | target process
PID 1580 wrote to memory of 2620 | 1580 | 913c99449a29c2640d36b0d5fdf69289.exe | WerFault.exe
PID 1580 wrote to memory of 2620 | 1580 | 913c99449a29c2640d36b0d5fdf69289.exe | WerFault.exe
PID 1580 wrote to memory of 2620 | 1580 | 913c99449a29c2640d36b0d5fdf69289.exe | WerFault.exe
PID 1580 wrote to memory of 2620 | 1580 | 913c99449a29c2640d36b0d5fdf69289.exe | WerFault.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\913c99449a29c2640d36b0d5fdf69289.exe
"C:\Users\Admin\AppData\Local\Temp\913c99449a29c2640d36b0d5fdf69289.exe" 1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 696 2⤵
- Program crash