Analysis
max time kernel: 121s
max time network: 122s
platform: windows7_x64
resource: win7-20240708-en
resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
submitted: 16-07-2024 14:23
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
839098d2b42765abf8c1066900745e03a0da338c.exe
Resource
win7-20240708-en
2 signatures
150 seconds
General
Target: 839098d2b42765abf8c1066900745e03a0da338c.exe
Size: 1.6MB
MD5: 58f6371fad0f06a8c78026ca2d44e7ee
SHA1: 839098d2b42765abf8c1066900745e03a0da338c
SHA256: 42039b6edc8a92257987047991f1c99eac490366de4e22ff5f0c3fd8fa31135a
SHA512: d59565f0cf902ed54d5cacceff3f29ec78f824c792d5ae75677f26efec825187f0b6356b70a3005df9d8015904fb4c8398c8e499659c2168fccd77a976736aaa
SSDEEP: 24576:1Hb5Bli50xv2T4EM9X0cjRjFmhco/ZyFvaZjeCi8DI/fdKFZA16GSbxpSA07YN3O:9b5W+uWRhKV4FceCxyKFZo
Score
3/10
Malware Config
Signatures
Program crash 1 IoCs
Processes:
WerFault.exe
pid | pid_target | process | target process
2680 | 2984 | WerFault.exe | 839098d2b42765abf8c1066900745e03a0da338c.exe

Suspicious use of WriteProcessMemory 4 IoCs
Processes:
839098d2b42765abf8c1066900745e03a0da338c.exe
description | pid | process | target process
PID 2984 wrote to memory of 2680 | 2984 | 839098d2b42765abf8c1066900745e03a0da338c.exe | WerFault.exe
PID 2984 wrote to memory of 2680 | 2984 | 839098d2b42765abf8c1066900745e03a0da338c.exe | WerFault.exe
PID 2984 wrote to memory of 2680 | 2984 | 839098d2b42765abf8c1066900745e03a0da338c.exe | WerFault.exe
PID 2984 wrote to memory of 2680 | 2984 | 839098d2b42765abf8c1066900745e03a0da338c.exe | WerFault.exe
Processes
C:\Users\Admin\AppData\Local\Temp\839098d2b42765abf8c1066900745e03a0da338c.exe "C:\Users\Admin\AppData\Local\Temp\839098d2b42765abf8c1066900745e03a0da338c.exe"
  - Suspicious use of WriteProcessMemory
  - PID: 2984
  C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 740
    - Program crash
    - PID: 2680