Analysis
-
max time kernel
118s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64 arch:x86 image:win7-20231129-en locale:en-us os:windows7-x64 system -
submitted
02-07-2024 10:23
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20231129-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20240611-en
10 signatures
150 seconds
General
-
Target
file.exe
-
Size
935KB
-
MD5
75a2d212a591a83a4d0c88a92b390b88
-
SHA1
8f69b79a0d6bc6b4def35b38ec46d15e6eb1c1d9
-
SHA256
cf47a943ec0eb86c16a8d7e6e0ad8c4bfb6063af089e1b3809ed44ac45347e71
-
SHA512
e7242ef4042f96743a6f999bee1a5ee93a88a6aa83385a28d2b868bd2c2f6734c0bc9192059e5a7862cff747a4dee8a16e9ac10cb659cbd2f05a4a040dd05a47
-
SSDEEP
24576:j+qodQCtw8QEZWBiMUp736I5Zqi7P2XZtXtW/Di:iw8QEZWBTXSZqiz2XvXQm
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exe
pid: 3008, pid_target: 624, process: WerFault.exe, target process: file.exe
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
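file.exe
description: PID 624 wrote to memory of 3008, pid: 624, process: file.exe, target process: WerFault.exe
description: PID 624 wrote to memory of 3008, pid: 624, process: file.exe, target process: WerFault.exe
description: PID 624 wrote to memory of 3008, pid: 624, process: file.exe, target process: WerFault.exe
description: PID 624 wrote to memory of 3008, pid: 624, process: file.exe, target process: WerFault.exe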
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
memory/624-0-0x0000000000070000-0x0000000000071000-memory.dmp
Filesize
4KB