Analysis
max time kernel: 41s
max time network: 42s
platform: windows7_x64
resource: win7-20220414-en
submitted: 21-05-2022 19:47
Static task: static1
Behavioral task: behavioral1
Sample: 87ff199a7b223eb9ea6d24df439a4d65c28350bcb99b0f2694c33dbedc0046cf.exe
Resource: win7-20220414-en, windows7_x64
0 signatures
0 seconds
General
Target: 87ff199a7b223eb9ea6d24df439a4d65c28350bcb99b0f2694c33dbedc0046cf.exe
Size: 664KB
MD5: 7b7562a6fee4b75e2422eb9b2faecd5c
SHA1: f50fc80dfa8c00ea6d3b576963d4062fda21c1d9
SHA256: 87ff199a7b223eb9ea6d24df439a4d65c28350bcb99b0f2694c33dbedc0046cf
SHA512: 5d2077ce58c0d592740711e283203bb97a7ea0f33d7b84861141d99cc924c6999f180e7a4c3e5cb34e32d6821308514585117384fe93e7dcd2871eb2d2a1cff5
Score: 3/10
Malware Config
Signatures
Program crash 1 IoCs
Processes: WerFault.exe
pid | pid_target | process | target process
2028 | 756 | WerFault.exe | 87ff199a7b223eb9ea6d24df439a4d65c28350bcb99b0f2694c33dbedc0046cf.exe
Suspicious use of WriteProcessMemory 4 IoCs
Processes: 87ff199a7b223eb9ea6d24df439a4d65c28350bcb99b0f2694c33dbedc0046cf.exe
description | pid | process | target process
PID 756 wrote to memory of 2028 | 756 | 87ff199a7b223eb9ea6d24df439a4d65c28350bcb99b0f2694c33dbedc0046cf.exe | WerFault.exe
PID 756 wrote to memory of 2028 | 756 | 87ff199a7b223eb9ea6d24df439a4d65c28350bcb99b0f2694c33dbedc0046cf.exe | WerFault.exe
PID 756 wrote to memory of 2028 | 756 | 87ff199a7b223eb9ea6d24df439a4d65c28350bcb99b0f2694c33dbedc0046cf.exe | WerFault.exe
PID 756 wrote to memory of 2028 | 756 | 87ff199a7b223eb9ea6d24df439a4d65c28350bcb99b0f2694c33dbedc0046cf.exe | WerFault.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\87ff199a7b223eb9ea6d24df439a4d65c28350bcb99b0f2694c33dbedc0046cf.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\87ff199a7b223eb9ea6d24df439a4d65c28350bcb99b0f2694c33dbedc0046cf.exe"
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\WerFault.exe
    command line: C:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 548
    - Program crash