Analysis
-
max time kernel
36s -
max time network
41s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system -
submitted
19/10/2022, 20:27
Static task
static1
Behavioral task
behavioral1
Sample
1ea5ed89d5d196bc6010d51f5500191c4de943f052f011f4bfc6f7e83ae9f750.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
1ea5ed89d5d196bc6010d51f5500191c4de943f052f011f4bfc6f7e83ae9f750.exe
Resource
win10v2004-20220901-en
General
-
Target
1ea5ed89d5d196bc6010d51f5500191c4de943f052f011f4bfc6f7e83ae9f750.exe
-
Size
320KB
-
MD5
a231f7a3ac315023f6d9ee5226c72090
-
SHA1
964aadc284a713da3ecd68a131cbeada984e5f37
-
SHA256
1ea5ed89d5d196bc6010d51f5500191c4de943f052f011f4bfc6f7e83ae9f750
-
SHA512
7a3ffa20cd89616c5ba67121796567056b7a83e2de4ff12cb0520d31e1c5f58b55e9b3c4ebb6aed18baee04b5c17ea378a54a305fbc3ede0181798f181c2abb7
-
SSDEEP
6144:4PYilTNi+waIDLG9M+H2RfS155ONNXBuWoJBO9OMbHLkAqF7Ief9UmM7/uT:IPldwaoLU2EB0NxDIBuOFe7/uT
Malware Config
Signatures
-
Program crash 1 IoCs
pid   pid_target  Process       procid_target
1984  1148        WerFault.exe  24
-
Suspicious use of WriteProcessMemory 4 IoCs
description                           pid   Process                                                               procid_target
PID 1148 wrote to memory of 1984      1148  1ea5ed89d5d196bc6010d51f5500191c4de943f052f011f4bfc6f7e83ae9f750.exe  26
PID 1148 wrote to memory of 1984      1148  1ea5ed89d5d196bc6010d51f5500191c4de943f052f011f4bfc6f7e83ae9f750.exe  26
PID 1148 wrote to memory of 1984      1148  1ea5ed89d5d196bc6010d51f5500191c4de943f052f011f4bfc6f7e83ae9f750.exe  26
PID 1148 wrote to memory of 1984      1148  1ea5ed89d5d196bc6010d51f5500191c4de943f052f011f4bfc6f7e83ae9f750.exe  26
Processes
-
C:\Users\Admin\AppData\Local\Temp\1ea5ed89d5d196bc6010d51f5500191c4de943f052f011f4bfc6f7e83ae9f750.exe
"C:\Users\Admin\AppData\Local\Temp\1ea5ed89d5d196bc6010d51f5500191c4de943f052f011f4bfc6f7e83ae9f750.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1148 -
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1148 -s 362⤵
- Program crash
PID:1984
-