Analysis
max time kernel: 16s
max time network: 16s
platform: windows7_x64
resource: win7-20240708-en
resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
submitted: 11-07-2024 16:32
Behavioral task: behavioral1
Sample: dead.exe
Resource: win7-20240708-en (windows7-x64)
3 signatures
30 seconds
General
Target: dead.exe
Size: 254KB
MD5: 41a555bbc081356100cafdd006d3c096
SHA1: bf4f81ed8b698b9865098fccabff0bbbe3ca3255
SHA256: 7e45b79940116f8a1de3a75f82e5209d0279d99479a24778e1590dd739b6ddf8
SHA512: 1bc00d609264c523ab114e845a26edb9a611b927a583730880916f04efeee9c37c4529559a47854e422ab8530ab8edbb87754a755f50939c29e5a14e4b74efbc
SSDEEP: 6144:+4oZo8KbOUtoAXAEeDh0x7axHU3FmRaW8ejI82V:9oZAOUo90ufIl
Malware Config
Signatures
Detect Umbral payload (1 IoCs)
resource: behavioral1/memory/2348-1-0x0000000001360000-0x00000000013A6000-memory.dmp
yara_rule: family_umbral
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 2348 wrote to memory of 268 | 2348 | dead.exe | 31
PID 2348 wrote to memory of 268 | 2348 | dead.exe | 31
PID 2348 wrote to memory of 268 | 2348 | dead.exe | 31