Analysis
max time kernel: 43s
max time network: 46s
platform: windows7_x64
resource: win7-20220414-en
submitted: 02-07-2022 15:40
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.Variant.Tedy.123517.9877.exe
Resource: win7-20220414-en, windows7_x64
0 signatures, 0 seconds
Behavioral task: behavioral2
Sample: SecuriteInfo.com.Variant.Tedy.123517.9877.exe
Resource: win10v2004-20220414-en, windows10-2004_x64
0 signatures, 0 seconds
General
Target: SecuriteInfo.com.Variant.Tedy.123517.9877.exe
Size: 1.8MB
MD5: 212b1e774e310dbe4e92b01854f31d53
SHA1: 635349bf28642a2a4b32155fe2864f6dfd51a483
SHA256: d22de2ac8939c185e56867b691702abd0304adf75c2b62dbff801228bdcf0dbe
SHA512: 3c7be7251079c9610ddd5923307d4887746d6f43c8dcf81d82e2696726000cf8912be1530f1a388cd4520289bf0722dc270defbe23a631771a83befc2d9f689e
Score: 3/10
Malware Config
Signatures
Program crash (1 IoCs)
Processes: WerFault.exe
pid: 1548; pid_target: 1612; process: WerFault.exe; target process: SecuriteInfo.com.Variant.Tedy.123517.9877.exe
Suspicious use of WriteProcessMemory (4 IoCs)
Processes: SecuriteInfo.com.Variant.Tedy.123517.9877.exe
description: PID 1612 wrote to memory of 1548; pid: 1612; process: SecuriteInfo.com.Variant.Tedy.123517.9877.exe; target process: WerFault.exe
description: PID 1612 wrote to memory of 1548; pid: 1612; process: SecuriteInfo.com.Variant.Tedy.123517.9877.exe; target process: WerFault.exe
description: PID 1612 wrote to memory of 1548; pid: 1612; process: SecuriteInfo.com.Variant.Tedy.123517.9877.exe; target process: WerFault.exe
description: PID 1612 wrote to memory of 1548; pid: 1612; process: SecuriteInfo.com.Variant.Tedy.123517.9877.exe; target process: WerFault.exe
Processes
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Variant.Tedy.123517.9877.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Variant.Tedy.123517.9877.exe"
  - Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 488
      - Program crash