Analysis
- max time kernel: 118s
- max time network: 119s
- platform: windows7_x64
- resource: win7-20240419-en
- resource tags: arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
- submitted: 25-05-2024 02:04

Static task: static1 (1 signature)

Behavioral task: behavioral1
- Sample: d9598915932030d8c05825ef9d1d331cbea8cb887aa6570f96d3cec23c311411.exe
- Resource: win7-20240419-en (windows7-x64)
- 3 signatures
- 150 seconds
General
- Target: d9598915932030d8c05825ef9d1d331cbea8cb887aa6570f96d3cec23c311411.exe
- Size: 4.8MB
- MD5: 3d5d6485af7cd75f9cb1284a35e70f97
- SHA1: 511388b6ef0247a952580e1aaa70e6e7646e35fb
- SHA256: d9598915932030d8c05825ef9d1d331cbea8cb887aa6570f96d3cec23c311411
- SHA512: c4340c7947b23b83c8acb2a08fdc599ad24fc891d9ac81e6b98b00509a681266d2f390cf7f10123504b4bffdf77a0108cd6249ca7272ac4f4bcd0d106b406e4a
- SSDEEP: 98304:pSnTPjsgAvcAbjUTRl92dXeYbFhGLhWQDf6Z1a51:pSnT7bAEAbjUvoDhGLAaj
- Score: 9/10
Malware Config
(none extracted)

Signatures
- Detects executables packed with Dotfuscator (1 IoC)
  Processes:
    resource: behavioral1/memory/3028-1-0x0000000000F10000-0x00000000013DE000-memory.dmp
    yara_rule: INDICATOR_EXE_Packed_Dotfuscator
- Program crash (1 IoC)
  Processes:
    pid: 2984  pid_target: 3028  process: WerFault.exe  target process: d9598915932030d8c05825ef9d1d331cbea8cb887aa6570f96d3cec23c311411.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  Processes (four identical events recorded):
    description: PID 3028 wrote to memory of 2984  pid: 3028  process: d9598915932030d8c05825ef9d1d331cbea8cb887aa6570f96d3cec23c311411.exe  target process: WerFault.exe
    description: PID 3028 wrote to memory of 2984  pid: 3028  process: d9598915932030d8c05825ef9d1d331cbea8cb887aa6570f96d3cec23c311411.exe  target process: WerFault.exe
    description: PID 3028 wrote to memory of 2984  pid: 3028  process: d9598915932030d8c05825ef9d1d331cbea8cb887aa6570f96d3cec23c311411.exe  target process: WerFault.exe
    description: PID 3028 wrote to memory of 2984  pid: 3028  process: d9598915932030d8c05825ef9d1d331cbea8cb887aa6570f96d3cec23c311411.exe  target process: WerFault.exe
Processes
- [1] C:\Users\Admin\AppData\Local\Temp\d9598915932030d8c05825ef9d1d331cbea8cb887aa6570f96d3cec23c311411.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\d9598915932030d8c05825ef9d1d331cbea8cb887aa6570f96d3cec23c311411.exe"
  - Suspicious use of WriteProcessMemory
  - [2] C:\Windows\SysWOW64\WerFault.exe
    command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 544
    - Program crash