Analysis
-
max time kernel
119s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
arch:x64 arch:x86 image:win7-20241010-en locale:en-us os:windows7-x64 system -
submitted
29-10-2024 09:40
Behavioral task
behavioral1
Sample
0baacdb18d69e921a3ac39b23a0f55aa02c2d8a2f06d1f2343499c65e8981252N.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
0baacdb18d69e921a3ac39b23a0f55aa02c2d8a2f06d1f2343499c65e8981252N.exe
Resource
win10v2004-20241007-en
General
-
Target
0baacdb18d69e921a3ac39b23a0f55aa02c2d8a2f06d1f2343499c65e8981252N.exe
-
Size
426KB
-
MD5
c34450440af105b055fe6b28c6af6e50
-
SHA1
9062abc3b7b458e52c9e9747730c58764645c399
-
SHA256
0baacdb18d69e921a3ac39b23a0f55aa02c2d8a2f06d1f2343499c65e8981252
-
SHA512
8cc73036d8f1517069ab853016a438c0dfb69075562782dac2d00c950846ea42c8160c1d6f375e42952be604557e1ba2708a0409c697e32c115aac92e277b302
-
SSDEEP
6144:8Z5f30291xuMHlpw9wrvwewMdBtbIbd5xv6P/6CuCNJ0hOYD:8nk291kMHlpw6r4eL3IbxvoyClwzD
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
0baacdb18d69e921a3ac39b23a0f55aa02c2d8a2f06d1f2343499c65e8981252N.exe
description | pid | process | target process
PID 1156 wrote to memory of 1812 | 1156 | 0baacdb18d69e921a3ac39b23a0f55aa02c2d8a2f06d1f2343499c65e8981252N.exe | WerFault.exe
PID 1156 wrote to memory of 1812 | 1156 | 0baacdb18d69e921a3ac39b23a0f55aa02c2d8a2f06d1f2343499c65e8981252N.exe | WerFault.exe
PID 1156 wrote to memory of 1812 | 1156 | 0baacdb18d69e921a3ac39b23a0f55aa02c2d8a2f06d1f2343499c65e8981252N.exe | WerFault.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\0baacdb18d69e921a3ac39b23a0f55aa02c2d8a2f06d1f2343499c65e8981252N.exe
"C:\Users\Admin\AppData\Local\Temp\0baacdb18d69e921a3ac39b23a0f55aa02c2d8a2f06d1f2343499c65e8981252N.exe"
- Suspicious use of WriteProcessMemory
PID:1156
  C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1156 -s 76
  PID:1812