Analysis
max time kernel: 42s
max time network: 46s
platform: windows7_x64
resource: win7-20220414-en
submitted: 14-05-2022 13:50
Static task: static1
Behavioral task: behavioral1
Sample: 79b18eb46544d371c9eb56ca68817206c907e6fb681481d7546a6ff6e7130492.exe
Resource: win7-20220414-en
General
Target: 79b18eb46544d371c9eb56ca68817206c907e6fb681481d7546a6ff6e7130492.exe
Size: 1.1MB
MD5: d3021071b734890e96b5c842a110b0a9
SHA1: 4641e2b0cc28e0fbab2770b518026d7a84e1556d
SHA256: 79b18eb46544d371c9eb56ca68817206c907e6fb681481d7546a6ff6e7130492
SHA512: 65b3b0e663f9d88d854774f9846599059eec4a87c7cac5c6c55f77092d017dc26a8af464e105df23a26ba0e61c567aa55efae80f7ae7874c2727d1f6f43565f6
Score: 3/10
Malware Config
Signatures
Program crash (1 IoCs)
Processes: WerFault.exe
pid | pid_target | process | target process
2008 | 1208 | WerFault.exe | 79b18eb46544d371c9eb56ca68817206c907e6fb681481d7546a6ff6e7130492.exe
Suspicious use of WriteProcessMemory (4 IoCs)
Processes: 79b18eb46544d371c9eb56ca68817206c907e6fb681481d7546a6ff6e7130492.exe
description | pid | process | target process
PID 1208 wrote to memory of 2008 | 1208 | 79b18eb46544d371c9eb56ca68817206c907e6fb681481d7546a6ff6e7130492.exe | WerFault.exe
PID 1208 wrote to memory of 2008 | 1208 | 79b18eb46544d371c9eb56ca68817206c907e6fb681481d7546a6ff6e7130492.exe | WerFault.exe
PID 1208 wrote to memory of 2008 | 1208 | 79b18eb46544d371c9eb56ca68817206c907e6fb681481d7546a6ff6e7130492.exe | WerFault.exe
PID 1208 wrote to memory of 2008 | 1208 | 79b18eb46544d371c9eb56ca68817206c907e6fb681481d7546a6ff6e7130492.exe | WerFault.exe
Processes
C:\Users\Admin\AppData\Local\Temp\79b18eb46544d371c9eb56ca68817206c907e6fb681481d7546a6ff6e7130492.exe
  "C:\Users\Admin\AppData\Local\Temp\79b18eb46544d371c9eb56ca68817206c907e6fb681481d7546a6ff6e7130492.exe"
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1208 -s 536
    - Program crash