Analysis
max time kernel: 119s
max time network: 120s
platform: windows7_x64
resource: win7-20240704-en
resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
submitted: 13/07/2024, 07:04
Static task
static1
1 signatures

Behavioral task
behavioral1
Sample: 636f4880444e9cefb984f6e8536ac950N.exe
Resource: win7-20240704-en
3 signatures
120 seconds

Behavioral task
behavioral2
Sample: 636f4880444e9cefb984f6e8536ac950N.exe
Resource: win10v2004-20240709-en
2 signatures
120 seconds
General
Target: 636f4880444e9cefb984f6e8536ac950N.exe
Size: 184KB
MD5: 636f4880444e9cefb984f6e8536ac950
SHA1: 99c8c40615d72c7189413307128ad59c12449a70
SHA256: a14b4b6c8c39fc86667f5291d56f94339e5516ca45a08fb3479c9cb38b03bfc5
SHA512: 53ffa3a3acbaf20c02ec26cff0d686cc7ce3af18dc86097006fa219eae21f3b9e884e57822007781624b7338f9f28a3545eeaaa71a84afa4c8ac27f6c819ea24
SSDEEP: 3072:fTPvckodAOrAd4lZWixn8NNzulvnqnxiu9:fTDo784lR8jzulPqnxiu
Score: 3/10
Malware Config
Signatures

Program crash (1 IoCs)
pid   pid_target   Process        procid_target
772   2008         WerFault.exe   29

Suspicious use of SetWindowsHookEx (1 IoCs)
pid    Process
2008   636f4880444e9cefb984f6e8536ac950N.exe

Suspicious use of WriteProcessMemory (4 IoCs)
description                       pid    Process                                 procid_target
PID 2008 wrote to memory of 772   2008   636f4880444e9cefb984f6e8536ac950N.exe   30
PID 2008 wrote to memory of 772   2008   636f4880444e9cefb984f6e8536ac950N.exe   30
PID 2008 wrote to memory of 772   2008   636f4880444e9cefb984f6e8536ac950N.exe   30
PID 2008 wrote to memory of 772   2008   636f4880444e9cefb984f6e8536ac950N.exe   30
Processes

C:\Users\Admin\AppData\Local\Temp\636f4880444e9cefb984f6e8536ac950N.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\636f4880444e9cefb984f6e8536ac950N.exe"
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID: 2008

  C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 200
  - Program crash
  PID: 772