Analysis
max time kernel: 118s
max time network: 122s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system
submitted: 02-07-2024 14:15
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
KFlauncher.exe
Resource
win7-20240508-en
2 signatures
150 seconds
General
Target: KFlauncher.exe
Size: 937KB
MD5: edfa515fb1995ccaa53ba97259bdc552
SHA1: 4840b49873edc09129a3d725e861a5d3edb8924b
SHA256: 7d0ca7b717b408404ea0d4ce98ef1cd2947402d23a7fb8c4429d18707041396c
SHA512: 864d2012340b4835c22a8b8a3fd6b42b87b2f1a4d79f2d6e48883a1819a84ca427b0a9c6d73078aad15a4c1696e0e54aed7f56f68a6e00d205b4444610aafed7
SSDEEP: 24576:flj0NdQCg30ly0HsqzDC3UALO6FIb+ayoiWF3pw:tLEY0Hsqz+AcIbinWF5w
Score
3/10
Malware Config
Signatures
Program crash 1 IoCs
Processes: WerFault.exe
pid   pid_target  process       target process
2168  1952        WerFault.exe  KFlauncher.exe
Suspicious use of WriteProcessMemory 7 IoCs
Processes: KFlauncher.exe
description                       pid   process         target process
PID 1952 wrote to memory of 2168  1952  KFlauncher.exe  WerFault.exe
PID 1952 wrote to memory of 2168  1952  KFlauncher.exe  WerFault.exe
PID 1952 wrote to memory of 2168  1952  KFlauncher.exe  WerFault.exe
PID 1952 wrote to memory of 2168  1952  KFlauncher.exe  WerFault.exe
PID 1952 wrote to memory of 2168  1952  KFlauncher.exe  WerFault.exe
PID 1952 wrote to memory of 2168  1952  KFlauncher.exe  WerFault.exe
PID 1952 wrote to memory of 2168  1952  KFlauncher.exe  WerFault.exe
Downloads
memory/1952-0-0x00000000000A0000-0x00000000000A1000-memory.dmp
Filesize: 4KB