Analysis
max time kernel: 52s
max time network: 19s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 09/06/2024, 14:42
Static task
static1: 1 signatures

Behavioral task
behavioral1
Sample: 129121540_2359416601_1804023753.exe
Resource: win7-20240221-en
1 signatures, 60 seconds

Behavioral task
behavioral2
Sample: 129121540_2359416601_1804023753.exe
Resource: win10v2004-20240226-en
0 signatures, 60 seconds
General
Target: 129121540_2359416601_1804023753.exe
Size: 1.1MB
MD5: aa68830dd0f0ef5274c7ab785fb95a37
SHA1: c09d2af1d51532e2c5d834a62078f8d383c82e91
SHA256: aee79791e6186b79bf0164dc334978af9d10a5c70af345ae5690949acd162a74
SHA512: bf57bdafaaa12bf9517c976a7c7e8e9dfb185e94e35a9d0a359552d27c8adb82a2b3e3ed03ebfbb7f5c48f174495fa9ba3387c18be99f8d4b2b982665e874aa5
SSDEEP: 24576:RQYU7Lj4NQn77tPp4QhK2tbuLnflgNCa4MIM8mB3Bn2qfG/dpJGK:R/Qv4Ns77MiK2holgpr7n2IapQ
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description                        pid    Process                                procid_target
PID 2876 wrote to memory of 3004   2876   129121540_2359416601_1804023753.exe    28
PID 2876 wrote to memory of 3004   2876   129121540_2359416601_1804023753.exe    28
PID 2876 wrote to memory of 3004   2876   129121540_2359416601_1804023753.exe    28
Processes
C:\Users\Admin\AppData\Local\Temp\129121540_2359416601_1804023753.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\129121540_2359416601_1804023753.exe"
  PID: 2876
  Signature: Suspicious use of WriteProcessMemory
  C:\Windows\system32\WerFault.exe
    Command line: C:\Windows\system32\WerFault.exe -u -p 2876 -s 248
    PID: 3004