Analysis
max time kernel: 16s
max time network: 17s
platform: windows7_x64
resource: win7-20240708-en
resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
submitted: 11-07-2024 03:56
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
4502d00753405a4dda90486c8ba9a373fb9f08eef7bfc8a5cce63c2219a115fd.exe
Resource
win7-20240708-en
2 signatures
60 seconds
General
Target: 4502d00753405a4dda90486c8ba9a373fb9f08eef7bfc8a5cce63c2219a115fd.exe
Size: 530KB
MD5: f86ed3870e7bdff3fbf304b69cff14a3
SHA1: 96b60aa50afb2efedb87d4d344a052e85215941d
SHA256: 4502d00753405a4dda90486c8ba9a373fb9f08eef7bfc8a5cce63c2219a115fd
SHA512: e9c1352d954dbc90cc9ad082acd2d6148580c6c97c339d0c9adc2ce34ca84c44b1b1c6c9a3f81af570615423227f9ca3d8938d1a3ec24ce8c39095abf5e51168
SSDEEP: 12288:/RyWcpG0Sv9+XyyqxhzjnSnWfSkOOEwMErCjRq3rR:/+pG06AuhYGdo07
Score
3/10
Malware Config
Signatures
Program crash 1 IoCs
Processes: WerFault.exe
pid | pid_target | Process | procid_target
2684 | 3052 | WerFault.exe | 29
Suspicious use of WriteProcessMemory 4 IoCs
Processes: 4502d00753405a4dda90486c8ba9a373fb9f08eef7bfc8a5cce63c2219a115fd.exe
description | pid | Process | procid_target
PID 3052 wrote to memory of 2684 | 3052 | 4502d00753405a4dda90486c8ba9a373fb9f08eef7bfc8a5cce63c2219a115fd.exe | 30
PID 3052 wrote to memory of 2684 | 3052 | 4502d00753405a4dda90486c8ba9a373fb9f08eef7bfc8a5cce63c2219a115fd.exe | 30
PID 3052 wrote to memory of 2684 | 3052 | 4502d00753405a4dda90486c8ba9a373fb9f08eef7bfc8a5cce63c2219a115fd.exe | 30
PID 3052 wrote to memory of 2684 | 3052 | 4502d00753405a4dda90486c8ba9a373fb9f08eef7bfc8a5cce63c2219a115fd.exe | 30
Processes
"C:\Users\Admin\AppData\Local\Temp\4502d00753405a4dda90486c8ba9a373fb9f08eef7bfc8a5cce63c2219a115fd.exe"
- Suspicious use of WriteProcessMemory
- PID: 3052
    C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 112
    - Program crash
    - PID: 2684