Analysis
max time kernel: 41s
max time network: 49s
platform: windows7_x64
resource: win7-20220718-en
resource tags: arch:x64, arch:x86, image:win7-20220718-en, locale:en-us, os:windows7-x64, system
submitted: 25-07-2022 09:10
Static task
static1
Behavioral task
behavioral1
Sample
Approved purchase order number PO2022070012.exe
Resource
win7-20220718-en
windows7-x64
2 signatures
150 seconds
General
Target: Approved purchase order number PO2022070012.exe
Size: 592KB
MD5: e06695c163531f7089ca1b243ee8873f
SHA1: aa90d5f607fcdf8bce905a5f1ba8e2de4765fdf3
SHA256: 6e69038d76d420bc65eedac8eb5c5b727303efdff971bb7ad8b8f3b4deee8a45
SHA512: 7be6f6bb944a17898efaee35c56337437d0399fccefe13bd1649fbb58a68ba4bd847b22849599b90708b64e51c8963952d79cb001910268c23bdf6e58fe7a890
Score: 3/10
Malware Config
Signatures
Program crash (1 IoCs)
Processes: WerFault.exe
pid | pid_target | process | target process
1964 | 1440 | WerFault.exe | Approved purchase order number PO2022070012.exe
Suspicious use of WriteProcessMemory (4 IoCs)
Processes: Approved purchase order number PO2022070012.exe
description | pid | process | target process
PID 1440 wrote to memory of 1964 | 1440 | Approved purchase order number PO2022070012.exe | WerFault.exe
PID 1440 wrote to memory of 1964 | 1440 | Approved purchase order number PO2022070012.exe | WerFault.exe
PID 1440 wrote to memory of 1964 | 1440 | Approved purchase order number PO2022070012.exe | WerFault.exe
PID 1440 wrote to memory of 1964 | 1440 | Approved purchase order number PO2022070012.exe | WerFault.exe
Processes
C:\Users\Admin\AppData\Local\Temp\Approved purchase order number PO2022070012.exe
"C:\Users\Admin\AppData\Local\Temp\Approved purchase order number PO2022070012.exe"
- Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1440 -s 584
  - Program crash