Analysis
- max time kernel: 117s
- max time network: 118s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
- submitted: 01-07-2024 07:22
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
0309dd0131150796ea99b30a62194fae.exe
Resource
win7-20240221-en
2 signatures
150 seconds
General
- Target: 0309dd0131150796ea99b30a62194fae.exe
- Size: 516KB
- MD5: 0309dd0131150796ea99b30a62194fae
- SHA1: 2df6e334708eae810a74b844fd57e18e9fdc34cd
- SHA256: 07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35
- SHA512: 3d4e5a0718d04fee92d8040880b631107d1e23a6b3bce430d58769179af999c28b99e50c5cd45f283339f7bbb24ffacbf601a5447edb12e28da4517fbfa282e8
- SSDEEP: 12288:YwFARGxNB+mIuUOI+J0X6KALNGK34y1sB2Y+Jg4c:Yj4xb+mrZj1VHSB2Y6d
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exe
pid | pid_target | process | target process
2096 | 1652 | WerFault.exe | 0309dd0131150796ea99b30a62194fae.exe
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
0309dd0131150796ea99b30a62194fae.exe
description | pid | process | target process
PID 1652 wrote to memory of 2096 | 1652 | 0309dd0131150796ea99b30a62194fae.exe | WerFault.exe
PID 1652 wrote to memory of 2096 | 1652 | 0309dd0131150796ea99b30a62194fae.exe | WerFault.exe
PID 1652 wrote to memory of 2096 | 1652 | 0309dd0131150796ea99b30a62194fae.exe | WerFault.exe
PID 1652 wrote to memory of 2096 | 1652 | 0309dd0131150796ea99b30a62194fae.exe | WerFault.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\0309dd0131150796ea99b30a62194fae.exe
"C:\Users\Admin\AppData\Local\Temp\0309dd0131150796ea99b30a62194fae.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 962⤵
- Program crash
Network
MITRE ATT&CK Matrix
Downloads
-
memory/1652-0-0x0000000000020000-0x0000000000021000-memory.dmp
Filesize: 4KB