Analysis
max time kernel: 118s
max time network: 119s
platform: windows7_x64
resource: win7-20240611-en
resource tags: arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system
submitted: 29-06-2024 09:17
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
a957dc16d684fbd7e12fc87e8ee12fea.exe
Resource
win7-20240611-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
a957dc16d684fbd7e12fc87e8ee12fea.exe
Resource
win10v2004-20240508-en
10 signatures
150 seconds
General
Target: a957dc16d684fbd7e12fc87e8ee12fea.exe
Size: 512KB
MD5: a957dc16d684fbd7e12fc87e8ee12fea
SHA1: 20c73ccfdba13fd9b79c9e02432be39e48e4b37d
SHA256: 071b6c448d2546dea8caed872fca0d002f59a6b9849f0de2a565fc74b487fa37
SHA512: fd6982587fba779d6febb84dfa65ec3e048e17733c2f01b61996bedb170bb4bb1cbb822c0dd2cf44a7e601373abaf499885b13b7957dd2a307bbd8f2120e9b3b
SSDEEP: 12288:4iFfKsLIh/4hBNR3lfo4T4A1i5g70dbRFpJtRSfF:40iP/E/pigb1i5Q0dbLLWf
Score: 3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exe
pid | pid_target | process | target process
1560 | 2108 | WerFault.exe | a957dc16d684fbd7e12fc87e8ee12fea.exe
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
a957dc16d684fbd7e12fc87e8ee12fea.exe
description | pid | process | target process
PID 2108 wrote to memory of 1560 | 2108 | a957dc16d684fbd7e12fc87e8ee12fea.exe | WerFault.exe
PID 2108 wrote to memory of 1560 | 2108 | a957dc16d684fbd7e12fc87e8ee12fea.exe | WerFault.exe
PID 2108 wrote to memory of 1560 | 2108 | a957dc16d684fbd7e12fc87e8ee12fea.exe | WerFault.exe
PID 2108 wrote to memory of 1560 | 2108 | a957dc16d684fbd7e12fc87e8ee12fea.exe | WerFault.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\a957dc16d684fbd7e12fc87e8ee12fea.exe
"C:\Users\Admin\AppData\Local\Temp\a957dc16d684fbd7e12fc87e8ee12fea.exe"
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 96
- Program crash
Network
MITRE ATT&CK Matrix
Downloads
memory/2108-0-0x0000000000020000-0x0000000000021000-memory.dmp
Filesize: 4KB