Malware Analysis Report

2025-04-14 02:55

Sample ID 240613-d4zc2swfpp
Target Driver4VR.exe
SHA256 92e7fb4704d66e923f1367d68f633adddceb675ef943833be40bf2c2a7fc8543
Tags
Score 1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 1/10

SHA256

92e7fb4704d66e923f1367d68f633adddceb675ef943833be40bf2c2a7fc8543

Threat Level: No (potentially) malicious behavior was detected

The file Driver4VR.exe was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 03:34

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 03:34

Reported

2024-06-13 03:37

Platform

win7-20231129-en

Max time kernel

118s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Driver4VR.exe"

Signatures

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 2748 wrote to memory of 3020 | N/A | C:\Users\Admin\AppData\Local\Temp\Driver4VR.exe | C:\Windows\system32\WerFault.exe
PID 2748 wrote to memory of 3020 | N/A | C:\Users\Admin\AppData\Local\Temp\Driver4VR.exe | C:\Windows\system32\WerFault.exe
PID 2748 wrote to memory of 3020 | N/A | C:\Users\Admin\AppData\Local\Temp\Driver4VR.exe | C:\Windows\system32\WerFault.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Driver4VR.exe

"C:\Users\Admin\AppData\Local\Temp\Driver4VR.exe"

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 2748 -s 624

Network

N/A

Files

memory/2748-0-0x000007FEF5783000-0x000007FEF5784000-memory.dmp

memory/2748-1-0x000000013F420000-0x000000013F44E000-memory.dmp

memory/2748-2-0x000007FEF5780000-0x000007FEF616C000-memory.dmp

memory/2748-3-0x000007FEF5780000-0x000007FEF616C000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 03:34

Reported

2024-06-13 03:35

Platform

win10v2004-20240508-en

Max time kernel

30s

Max time network

31s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Driver4VR.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Driver4VR.exe

"C:\Users\Admin\AppData\Local\Temp\Driver4VR.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp

Files

memory/1664-0-0x00007FFE57C23000-0x00007FFE57C25000-memory.dmp

memory/1664-1-0x000001C052E00000-0x000001C052E2E000-memory.dmp

memory/1664-2-0x00007FFE57C20000-0x00007FFE586E1000-memory.dmp

memory/1664-3-0x00007FFE57C20000-0x00007FFE586E1000-memory.dmp