Analysis
-
max time kernel
41s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system -
submitted
06/11/2022, 05:32
Static task
static1
Behavioral task
behavioral1
Sample
b581b4b656f909b2078ccd07ec92726142fe687be550ab7e68c68330b91f3750.exe
Resource
win7-20220812-en
2 signatures
150 seconds
General
-
Target
b581b4b656f909b2078ccd07ec92726142fe687be550ab7e68c68330b91f3750.exe
-
Size
69KB
-
MD5
36372eec32766a73d248f6e6f2d8a590
-
SHA1
215a422bc0efb7b303c083e9deee034d34d4c0db
-
SHA256
b581b4b656f909b2078ccd07ec92726142fe687be550ab7e68c68330b91f3750
-
SHA512
4f66e778473754ce1c3f85c9e6d931712c6aa5c640bc1f5a348c5f2a23cada885ee9fbcbeea70f729000a0e22fde2ce39686a87e9c0bc0bf883a373fc6e1dc25
-
SSDEEP
1536:gZxeCSzXkR7Osy6YNrbQOQGw9sKzo2nFWN1E+AwsP:gZxvY07OsyBQPKGsTE+UP
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
pid | pid_target | Process | procid_target
1568 | 536 | WerFault.exe | 26
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 536 wrote to memory of 1568 | 536 | b581b4b656f909b2078ccd07ec92726142fe687be550ab7e68c68330b91f3750.exe | 27
PID 536 wrote to memory of 1568 | 536 | b581b4b656f909b2078ccd07ec92726142fe687be550ab7e68c68330b91f3750.exe | 27
PID 536 wrote to memory of 1568 | 536 | b581b4b656f909b2078ccd07ec92726142fe687be550ab7e68c68330b91f3750.exe | 27
PID 536 wrote to memory of 1568 | 536 | b581b4b656f909b2078ccd07ec92726142fe687be550ab7e68c68330b91f3750.exe | 27
Processes
-
C:\Users\Admin\AppData\Local\Temp\b581b4b656f909b2078ccd07ec92726142fe687be550ab7e68c68330b91f3750.exe
"C:\Users\Admin\AppData\Local\Temp\b581b4b656f909b2078ccd07ec92726142fe687be550ab7e68c68330b91f3750.exe"
- Suspicious use of WriteProcessMemory
PID:536 -
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 116
- Program crash
PID:1568
-