Analysis
max time kernel: 120s
max time network: 121s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 04-07-2024 17:10
Behavioral task: behavioral1
Sample: EnsureRunning.exe
Resource: win7-20240508-en, windows7-x64
3 signatures
150 seconds
General
Target: EnsureRunning.exe
Size: 119KB
MD5: b6aa8ac6138abcc3bff5dd4176a45a3f
SHA1: a65e8fc2c31e6846347028be7d76d7e1183db189
SHA256: 1873a35b76ee68cd850440501e1ec3f572d126f6174fdd61813f3e5821c9a266
SHA512: be4a5687430e5eda3cc83f6a8743257195c73e7151deb33743d34bce11c74d15e1ae45b0f3150b1ca771f698ab3168174e812da343c14af4d94fb82527c12250
SSDEEP: 1536:BZdBIw+jjgnJ2H9XqcnW85SbThuIkKuZ+8uZ3nV5XS65mkrPZ58kzQ+e+e+gi:TdGw+jqJ491UbTh3h7J7M+e+e+gi
Malware Config
Signatures
Program crash 1 IoCs
pid | pid_target | Process | procid_target
1756 | 2176 | WerFault.exe | 27

Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2176 wrote to memory of 1756 | 2176 | EnsureRunning.exe | 29
PID 2176 wrote to memory of 1756 | 2176 | EnsureRunning.exe | 29
PID 2176 wrote to memory of 1756 | 2176 | EnsureRunning.exe | 29
PID 2176 wrote to memory of 1756 | 2176 | EnsureRunning.exe | 29