Analysis
-
max time kernel
40s
-
max time network
44s
-
platform
windows7_x64
-
resource
win7-20220812-en
-
resource tags
arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system
-
submitted
06-11-2022 16:20
Static task
static1
Behavioral task
behavioral1
Sample
0b6667523185c9565bb52b42350a2cb351143d95eed1b7c1a6e9ed049334e693.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
0b6667523185c9565bb52b42350a2cb351143d95eed1b7c1a6e9ed049334e693.exe
Resource
win10v2004-20220901-en
General
-
Target
0b6667523185c9565bb52b42350a2cb351143d95eed1b7c1a6e9ed049334e693.exe
-
Size
662KB
-
MD5
0528395612437030025e6e1b0ca9d619
-
SHA1
129837f35fdf5e40f4b5048dc790530065a8a32e
-
SHA256
0b6667523185c9565bb52b42350a2cb351143d95eed1b7c1a6e9ed049334e693
-
SHA512
ef57139e4beb9b7e30272a5e021c7333bf4eac1c4cddd0c91b3d199a292ad1e0b9225a90e434497071c89147630c71415b087f459779c14ad55ef3c54e1e5016
-
SSDEEP
12288:EmxeD3h/N1jpZNi9R+swevu2lyVhjMpuxoYB6SfS8ivUHRwvoLo1nHZ1XztgZaC/:nANtN8KjMpuxoYB6SfS8ivUHRwvoLo1+
Malware Config
Signatures
-
Program crash 1 IoCs
pid | pid_target | Process | procid_target
1076 | 1488 | WerFault.exe | 25
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 1488 wrote to memory of 1076 | 1488 | 0b6667523185c9565bb52b42350a2cb351143d95eed1b7c1a6e9ed049334e693.exe | 26
PID 1488 wrote to memory of 1076 | 1488 | 0b6667523185c9565bb52b42350a2cb351143d95eed1b7c1a6e9ed049334e693.exe | 26
PID 1488 wrote to memory of 1076 | 1488 | 0b6667523185c9565bb52b42350a2cb351143d95eed1b7c1a6e9ed049334e693.exe | 26
PID 1488 wrote to memory of 1076 | 1488 | 0b6667523185c9565bb52b42350a2cb351143d95eed1b7c1a6e9ed049334e693.exe | 26
Processes
-
C:\Users\Admin\AppData\Local\Temp\0b6667523185c9565bb52b42350a2cb351143d95eed1b7c1a6e9ed049334e693.exe "C:\Users\Admin\AppData\Local\Temp\0b6667523185c9565bb52b42350a2cb351143d95eed1b7c1a6e9ed049334e693.exe" 1⤵
- Suspicious use of WriteProcessMemory
PID:1488
-
C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 1522⤵
- Program crash
PID:1076
-