Analysis
-
max time kernel
38s -
max time network
48s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system -
submitted
11/10/2022, 19:08
Behavioral task
behavioral1
Sample
1912-231-0x0000000000400000-0x0000000000463000-memory.exe
Resource
win7-20220812-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
1912-231-0x0000000000400000-0x0000000000463000-memory.exe
Resource
win10v2004-20220812-en
1 signatures
150 seconds
General
-
Target
1912-231-0x0000000000400000-0x0000000000463000-memory.exe
-
Size
396KB
-
MD5
1089d925539d1774367b9e50d330d3b4
-
SHA1
8c17974ae5db6708ea8cb5c7f59c53f205bfcec7
-
SHA256
1e7b0d76ba33d90a0eda37868deaa3614b75dc58e60c1e6c18ea3729314c1025
-
SHA512
1f7835899ddd7b7c7ea35d06bcc5ca2dc3d811ba018a5751c18a5f463d8615176c298eab2f21f51ae4ba8431730c0234a8a2d6d61ba2b5f480d38fc098fbeb09
-
SSDEEP
6144:87RuJ65bQbNrJOc7WW1LYEGDX61jtcvsyE/35/3GvYyk6z:KuJ65b6NVTWWjD1jtM+35/3GgyJ
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target 1072 1652 WerFault.exe 19 -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1652 wrote to memory of 1072 1652 1912-231-0x0000000000400000-0x0000000000463000-memory.exe 27 PID 1652 wrote to memory of 1072 1652 1912-231-0x0000000000400000-0x0000000000463000-memory.exe 27 PID 1652 wrote to memory of 1072 1652 1912-231-0x0000000000400000-0x0000000000463000-memory.exe 27 PID 1652 wrote to memory of 1072 1652 1912-231-0x0000000000400000-0x0000000000463000-memory.exe 27
Processes
-
C:\Users\Admin\AppData\Local\Temp\1912-231-0x0000000000400000-0x0000000000463000-memory.exe"C:\Users\Admin\AppData\Local\Temp\1912-231-0x0000000000400000-0x0000000000463000-memory.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1652 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 362⤵
- Program crash
PID:1072
-