Analysis
-
max time kernel
41s -
max time network
47s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system -
submitted
11/10/2022, 08:16
Static task
static1
Behavioral task
behavioral1
Sample
1b115ca540fe98d42534d7165ec9fb27e64bf745181b81b788126871e2c329b7.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
1b115ca540fe98d42534d7165ec9fb27e64bf745181b81b788126871e2c329b7.exe
Resource
win10v2004-20220901-en
General
-
Target
1b115ca540fe98d42534d7165ec9fb27e64bf745181b81b788126871e2c329b7.exe
-
Size
231KB
-
MD5
6e264ad464454392d5fbe1073f39c766
-
SHA1
ab3150b06c01c7c42c434034ca58b57802524a67
-
SHA256
1b115ca540fe98d42534d7165ec9fb27e64bf745181b81b788126871e2c329b7
-
SHA512
a442c2272e56c48797f24ffb14c3ca807c20b914a30ffc8558616e4e238ff3424f893afcb5899ab5e76049314bcaa7e830a3e390cdc51fc354c8a91388b74cd9
-
SSDEEP
6144:Isceqs5qIhYzq40b8cRtedIkQ9mMEgr1f/7Mfz:Isce4IhYG1b7edITm4f/7ML
Malware Config
Signatures
-
Program crash 1 IoCs
pid | pid_target | Process | procid_target
1496 | 2016 | WerFault.exe | 26
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2016 wrote to memory of 1496 | 2016 | 1b115ca540fe98d42534d7165ec9fb27e64bf745181b81b788126871e2c329b7.exe | 27
PID 2016 wrote to memory of 1496 | 2016 | 1b115ca540fe98d42534d7165ec9fb27e64bf745181b81b788126871e2c329b7.exe | 27
PID 2016 wrote to memory of 1496 | 2016 | 1b115ca540fe98d42534d7165ec9fb27e64bf745181b81b788126871e2c329b7.exe | 27
PID 2016 wrote to memory of 1496 | 2016 | 1b115ca540fe98d42534d7165ec9fb27e64bf745181b81b788126871e2c329b7.exe | 27
Processes
-
C:\Users\Admin\AppData\Local\Temp\1b115ca540fe98d42534d7165ec9fb27e64bf745181b81b788126871e2c329b7.exe
"C:\Users\Admin\AppData\Local\Temp\1b115ca540fe98d42534d7165ec9fb27e64bf745181b81b788126871e2c329b7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2016 -
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 44
2⤵
- Program crash
PID:1496
-