Analysis
- max time kernel: 119s
- max time network: 120s
- platform: windows7_x64
- resource: win7-20240705-en
- resource tags: arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
- submitted: 15-07-2024 10:14
Static task: static1
Behavioral task: behavioral1
- Sample: 06712b4426ac6be0ab38c2e28f46092c.exe
- Resource: win7-20240705-en
- 2 signatures
- 150 seconds
General
- Target: 06712b4426ac6be0ab38c2e28f46092c.exe
- Size: 389KB
- MD5: 06712b4426ac6be0ab38c2e28f46092c
- SHA1: df810c703dc7f5f656b478a122fbd05e665754a5
- SHA256: 832a15b86c6ab8cc88944a3c53df4f81825c799e3cc7eac48d9e3d487d007add
- SHA512: 58980624975e3e4d29c6709cf0e1d4b1ee4e6936ae28b046a158ddca32d24dceaf8d2fd3a5d4f9e11f8ed7aa8cfbd1921ace35b5cb0aa37d0964c2d558d9df68
- SSDEEP: 6144:LlgL+y0iFkeLnCUcx/IcoN6O2MW66mRBz1MkNdTMrjnWNOXMGRMLHdDPl2di84EO:LDiFHnC5dc3VdMrjnWAcGMUi84EO
Score: 3/10
Malware Config
Signatures
- Program crash: 1 IoCs
    pid   pid_target   Process        procid_target
    340   3008         WerFault.exe   29
- Suspicious use of WriteProcessMemory: 4 IoCs
    description                       pid    Process                                procid_target
    PID 3008 wrote to memory of 340   3008   06712b4426ac6be0ab38c2e28f46092c.exe   31
    PID 3008 wrote to memory of 340   3008   06712b4426ac6be0ab38c2e28f46092c.exe   31
    PID 3008 wrote to memory of 340   3008   06712b4426ac6be0ab38c2e28f46092c.exe   31
    PID 3008 wrote to memory of 340   3008   06712b4426ac6be0ab38c2e28f46092c.exe   31
Processes
- C:\Users\Admin\AppData\Local\Temp\06712b4426ac6be0ab38c2e28f46092c.exe
  "C:\Users\Admin\AppData\Local\Temp\06712b4426ac6be0ab38c2e28f46092c.exe"
  - Suspicious use of WriteProcessMemory
  PID: 3008
  - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 108
    - Program crash
    PID: 340