Analysis
-
max time kernel
36s -
max time network
41s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system -
submitted
19/09/2022, 00:43
Static task
static1
Behavioral task
behavioral1
Sample
389e3051954755b602d3ac67a21762654e0841bcad67d45e4762f9c001ba546b.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
389e3051954755b602d3ac67a21762654e0841bcad67d45e4762f9c001ba546b.exe
Resource
win10v2004-20220812-en
General
-
Target
389e3051954755b602d3ac67a21762654e0841bcad67d45e4762f9c001ba546b.exe
-
Size
1.2MB
-
MD5
3e151736ec42451b58ef32ef87d80cca
-
SHA1
7a6d305d533a3a485f782e7b5aad6760b321c6bf
-
SHA256
389e3051954755b602d3ac67a21762654e0841bcad67d45e4762f9c001ba546b
-
SHA512
2a8d584e3bc871f3035029e9ce93e34102039bce48aa68d3248852ff761de5a3a3ec5b350b904ce2ddf492dd49871108d0b91364272927810cc5f8293d547d2d
-
SSDEEP
24576:riOw7EJBb/D3GwlF8rbXL0M9bPx//MIHBteHZqdA:r3IU/q+8rzb9bPhkIHj7dA
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target 1580 1672 WerFault.exe 26 -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1672 wrote to memory of 1580 1672 389e3051954755b602d3ac67a21762654e0841bcad67d45e4762f9c001ba546b.exe 27 PID 1672 wrote to memory of 1580 1672 389e3051954755b602d3ac67a21762654e0841bcad67d45e4762f9c001ba546b.exe 27 PID 1672 wrote to memory of 1580 1672 389e3051954755b602d3ac67a21762654e0841bcad67d45e4762f9c001ba546b.exe 27 PID 1672 wrote to memory of 1580 1672 389e3051954755b602d3ac67a21762654e0841bcad67d45e4762f9c001ba546b.exe 27
Processes
-
C:\Users\Admin\AppData\Local\Temp\389e3051954755b602d3ac67a21762654e0841bcad67d45e4762f9c001ba546b.exe"C:\Users\Admin\AppData\Local\Temp\389e3051954755b602d3ac67a21762654e0841bcad67d45e4762f9c001ba546b.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1672 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 1562⤵
- Program crash
PID:1580
-