Analysis
max time kernel
45s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags
arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted
06-09-2022 08:51
Static task
static1
Behavioral task
behavioral1
Sample
1ab9115cce93709220c60217c4077c34.exe
Resource
win7-20220812-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
1ab9115cce93709220c60217c4077c34.exe
Resource
win10v2004-20220901-en
windows10-2004-x64
17 signatures
150 seconds
General
Target
1ab9115cce93709220c60217c4077c34.exe
Size
657KB
MD5
1ab9115cce93709220c60217c4077c34
SHA1
4444d87625d9001bbbe99d975542b97884cb83a0
SHA256
5f786ef7b4a40accb4b2903acf2bdf1b249c2c4514303bb7ca3c5ac6010ac9d4
SHA512
cd46ae14d3a2c81ea4bd791a51b867293c10ee3771697f6204e816f055d366b4f9a2f9faa5285cf4dd3c5f49066aa6b75805dc61da3a561810a6ef87ac5a12e1
SSDEEP
6144:dg5nk5lJmbKTk6b3HVaMjAsbNWTIRlRDBnN9PFja0HdjfCvA+YJJAUPvQ:dg5nkxmGT3Nx0MJN9PFrHdLCY+YJg
Score
3/10
Malware Config
Signatures

Program crash (1 IoC)
Processes:
pid    pid_target    process        target process
968    1848          WerFault.exe   1ab9115cce93709220c60217c4077c34.exe

Suspicious use of WriteProcessMemory (4 IoCs)
Processes:
description                        pid     process                                 target process
PID 1848 wrote to memory of 968    1848    1ab9115cce93709220c60217c4077c34.exe    WerFault.exe
PID 1848 wrote to memory of 968    1848    1ab9115cce93709220c60217c4077c34.exe    WerFault.exe
PID 1848 wrote to memory of 968    1848    1ab9115cce93709220c60217c4077c34.exe    WerFault.exe
PID 1848 wrote to memory of 968    1848    1ab9115cce93709220c60217c4077c34.exe    WerFault.exe

Note: both signatures describe one event. The sample (PID 1848) faulted, Windows Error Reporting started WerFault.exe (PID 968) with -p 1848 naming the faulting process, and the four writes from PID 1848 into WerFault.exe are the faulting process handing crash context to its own reporter, not injection into an unrelated process. The low score (3/10) is consistent with that reading; the WriteProcessMemory signature would only merit attention here if the target were something other than the WerFault instance launched for this PID.
Processes
1. C:\Users\Admin\AppData\Local\Temp\1ab9115cce93709220c60217c4077c34.exe (PID 1848)
   Command line: "C:\Users\Admin\AppData\Local\Temp\1ab9115cce93709220c60217c4077c34.exe"
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\WerFault.exe (PID 968, child of process 1)
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 96
      - Program crash
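The process tree and the two signatures together carry enough to decide automatically whether a WriteProcessMemory IoC is a crash artifact: WerFault.exe is launched as "WerFault.exe -u -p <faulting pid> -s <event handle>", so a write whose source PID equals the -p value of the target WerFault instance is the reporting handshake, while a write into any other process still deserves a look. The script below is an added triage example written for this page, not the sandbox's own code. The process and IoC records are constructed inline from the PIDs, image names and command line shown above; the explorer.exe process (PID 1234) and the write into it are hypothetical, added only to show the contrasting verdict.

```python
"""Correlate WriteProcessMemory IoCs with Windows Error Reporting crash handling."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# WerFault.exe (and its protected-process sibling) are the WER crash reporters.
WERFAULT_IMAGES = {"werfault.exe", "werfaultsecure.exe"}
# WerFault is launched as "WerFault.exe -u -p <faulting pid> -s <event handle>".
_WERFAULT_PID_RE = re.compile(r"(?:^|\s)-p\s+(\d+)(?=\s|$)")


@dataclass(frozen=True)
class ProcessEvent:
    pid: int
    image: str      # image file name, e.g. "WerFault.exe"
    cmdline: str


@dataclass(frozen=True)
class MemoryWrite:
    source_pid: int
    source_image: str
    target_pid: int
    target_image: str


def werfault_target_pid(cmdline: str) -> int | None:
    """PID named by WerFault's -p switch, or None if the command line has none."""
    m = _WERFAULT_PID_RE.search(cmdline)
    return int(m.group(1)) if m else None


def explain_write(write: MemoryWrite, processes: dict[int, ProcessEvent]) -> tuple[str, str]:
    """Classify one WriteProcessMemory IoC: 'crash-handshake', 'suspicious' or 'unknown-target'."""
    target = processes.get(write.target_pid)
    if target is None:
        return "unknown-target", f"pid {write.target_pid} is not in the process list"
    if target.image.lower() not in WERFAULT_IMAGES:
        # Any non-WER target keeps the original signature's weight.
        return "suspicious", f"pid {write.source_pid} wrote into {target.image}"
    reported = werfault_target_pid(target.cmdline)
    if reported != write.source_pid:
        # A WerFault instance that reports on some other PID is not this writer's reporter.
        return "suspicious", f"WerFault reports on pid {reported} but the writer is pid {write.source_pid}"
    return "crash-handshake", f"WerFault -p {reported} matches the writing process"


def triage(writes: list[MemoryWrite], processes: dict[int, ProcessEvent]) -> Counter:
    """Count verdicts over a batch of IoCs."""
    return Counter(explain_write(w, processes)[0] for w in writes)


# Records constructed from the report above (PIDs 1848 and 968, the WerFault command line).
SAMPLE = "1ab9115cce93709220c60217c4077c34.exe"
REPORT_PROCESSES = {
    1848: ProcessEvent(1848, SAMPLE, f'"C:\\Users\\Admin\\AppData\\Local\\Temp\\{SAMPLE}"'),
    968: ProcessEvent(968, "WerFault.exe", r"C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 96"),
    # Hypothetical, not in the report: an unrelated process used to show the other verdict.
    1234: ProcessEvent(1234, "explorer.exe", r"C:\Windows\explorer.exe"),
}
REPORT_WRITES = [MemoryWrite(1848, SAMPLE, 968, "WerFault.exe")] * 4   # the four identical IoCs
CONSTRUCTED_INJECTION = MemoryWrite(1848, SAMPLE, 1234, "explorer.exe")  # hypothetical contrast case


def main() -> None:
    for w in REPORT_WRITES[:1] + [CONSTRUCTED_INJECTION]:
        verdict, reason = explain_write(w, REPORT_PROCESSES)
        print(f"{w.source_pid} -> {w.target_pid} ({w.target_image}): {verdict}: {reason}")
    print(dict(triage(REPORT_WRITES + [CONSTRUCTED_INJECTION], REPORT_PROCESSES)))


if __name__ == "__main__":
    main()
```

Run against this report the four IoCs all classify as crash-handshake and only the constructed explorer.exe write remains suspicious. The check is deliberately narrow: it only downgrades writes into a WerFault.exe whose -p argument is the writer's own PID, so a sample that writes into a WerFault instance belonging to some other process, or into any non-WER image, is left flagged.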
Network
MITRE ATT&CK Matrix
Downloads
memory/968-54-0x0000000000000000-mapping.dmp