Analysis
-
max time kernel
46s -
max time network
52s -
platform
windows7_x64 -
resource
win7-20220901-en -
resource tags
arch:x64 arch:x86 image:win7-20220901-en locale:en-us os:windows7-x64 system -
submitted
03-10-2022 02:42
Static task
static1
Behavioral task
behavioral1
Sample
2545131b7880bd854f3c9148277af024.exe
Resource
win7-20220901-en
windows7-x64
2 signatures
150 seconds
General
-
Target
2545131b7880bd854f3c9148277af024.exe
-
Size
292KB
-
MD5
2545131b7880bd854f3c9148277af024
-
SHA1
846cf8458ca76e9cc8092218006c0e5bb1a68e8c
-
SHA256
e8d1a8908e063d4b824cde1d0d0bdf812ace1e50000a4accddb8b306664b4062
-
SHA512
c7a31f69621e60c1950f48c92c1633f2bee2f36adc8b5a2627d21dacda15f70d16f50b1a2dd3e575c7453380ca3c828cda8f86dda285e174af9f9944c42aa787
-
SSDEEP
3072:JOC+EnCeqk1oPh1MZf8EQ1DyWgi/ysf0e:EYN9oJ1MZ0JGW5rf
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exe
pid | pid_target | process | target process
1376 | 2016 | WerFault.exe | 2545131b7880bd854f3c9148277af024.exe
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
2545131b7880bd854f3c9148277af024.exe
description | pid | process | target process
PID 2016 wrote to memory of 1376 | 2016 | 2545131b7880bd854f3c9148277af024.exe | WerFault.exe
PID 2016 wrote to memory of 1376 | 2016 | 2545131b7880bd854f3c9148277af024.exe | WerFault.exe
PID 2016 wrote to memory of 1376 | 2016 | 2545131b7880bd854f3c9148277af024.exe | WerFault.exe
PID 2016 wrote to memory of 1376 | 2016 | 2545131b7880bd854f3c9148277af024.exe | WerFault.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\2545131b7880bd854f3c9148277af024.exe
"C:\Users\Admin\AppData\Local\Temp\2545131b7880bd854f3c9148277af024.exe"
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 96
- Program crash
Network
MITRE ATT&CK Matrix
Downloads
-
memory/1376-54-0x0000000000000000-mapping.dmp