Analysis
-
max time kernel
117s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system -
submitted
19-09-2024 06:44
Static task
static1
Behavioral task
behavioral1
Sample
bdb66a140c48fe2c348597a82bd6e6c8ce3a3cb7157ee552260f117a0e70aaa5N.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
bdb66a140c48fe2c348597a82bd6e6c8ce3a3cb7157ee552260f117a0e70aaa5N.exe
Resource
win10v2004-20240802-en
General
-
Target
bdb66a140c48fe2c348597a82bd6e6c8ce3a3cb7157ee552260f117a0e70aaa5N.exe
-
Size
157KB
-
MD5
efa2a43a6537ad97fddbad8ad6d53e50
-
SHA1
cef112037f866bf5af7e0bbd5743165ebafc9924
-
SHA256
bdb66a140c48fe2c348597a82bd6e6c8ce3a3cb7157ee552260f117a0e70aaa5
-
SHA512
17fd78fcb319013491998ce8109477d27e8a470b18497afbe2d36a66c14ee20aed0539f9234e57ef1a2e3a270b2742e1702b168fa368b1c5e047f8ae3890f75c
-
SSDEEP
3072:TloraCO+VqTl9CWpSmre/wKAnxRHowIIJXQ8utlaDUSzty9TeCFj:pJ+6lrLdPRHo7IYt8DUSwxeCF
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 2856 wrote to memory of 2800 2856 bdb66a140c48fe2c348597a82bd6e6c8ce3a3cb7157ee552260f117a0e70aaa5N.exe 31 PID 2856 wrote to memory of 2800 2856 bdb66a140c48fe2c348597a82bd6e6c8ce3a3cb7157ee552260f117a0e70aaa5N.exe 31 PID 2856 wrote to memory of 2800 2856 bdb66a140c48fe2c348597a82bd6e6c8ce3a3cb7157ee552260f117a0e70aaa5N.exe 31
Processes
-
C:\Users\Admin\AppData\Local\Temp\bdb66a140c48fe2c348597a82bd6e6c8ce3a3cb7157ee552260f117a0e70aaa5N.exe"C:\Users\Admin\AppData\Local\Temp\bdb66a140c48fe2c348597a82bd6e6c8ce3a3cb7157ee552260f117a0e70aaa5N.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2856 -
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 2856 -s 4962⤵PID:2800
-