Analysis
- max time kernel: 3s
- max time network: 33s
- platform: windows7_x64
- resource: win7-20221111-en
- resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
- submitted: 23-11-2022 11:18
Static task: static1
Behavioral task: behavioral1
- Sample: 8e3390168bf21f6566653490cf600f87b640033498d91d8acc29dc1d17a35646.exe
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: 8e3390168bf21f6566653490cf600f87b640033498d91d8acc29dc1d17a35646.exe
- Resource: win10v2004-20221111-en
General
- Target: 8e3390168bf21f6566653490cf600f87b640033498d91d8acc29dc1d17a35646.exe
- Size: 56KB
- MD5: 69e01a05993f4abae67930ce7b9bbc19
- SHA1: 50a749ad1be1e861f728779f97291d4ce1aafad7
- SHA256: 8e3390168bf21f6566653490cf600f87b640033498d91d8acc29dc1d17a35646
- SHA512: 581cc7fb27542bf74c8dc88f4725ecedf37394927ba2a21bd9f6611c285d4a52a3df2702bf439164b434d3c80cedd7686cbb49691df5ec49ad13708188e5c017
- SSDEEP: 1536:yZKKKGV+jNiJTyOuDL3OKsa9/VLnoYDJzLvM+a0blyEbVgx:ydplydODa9VLnoc1UyRVgx
Malware Config
Signatures
- Program crash 1 IoCs
  Processes: WerFault.exe

  | pid | pid_target | process | target process |
  | --- | --- | --- | --- |
  | 1756 | 1324 | WerFault.exe | 8e3390168bf21f6566653490cf600f87b640033498d91d8acc29dc1d17a35646.exe |

- Suspicious use of WriteProcessMemory 4 IoCs
  Processes: 8e3390168bf21f6566653490cf600f87b640033498d91d8acc29dc1d17a35646.exe

  | description | pid | process | target process |
  | --- | --- | --- | --- |
  | PID 1324 wrote to memory of 1756 | 1324 | 8e3390168bf21f6566653490cf600f87b640033498d91d8acc29dc1d17a35646.exe | WerFault.exe |
  | PID 1324 wrote to memory of 1756 | 1324 | 8e3390168bf21f6566653490cf600f87b640033498d91d8acc29dc1d17a35646.exe | WerFault.exe |
  | PID 1324 wrote to memory of 1756 | 1324 | 8e3390168bf21f6566653490cf600f87b640033498d91d8acc29dc1d17a35646.exe | WerFault.exe |
  | PID 1324 wrote to memory of 1756 | 1324 | 8e3390168bf21f6566653490cf600f87b640033498d91d8acc29dc1d17a35646.exe | WerFault.exe |
Processes
- C:\Users\Admin\AppData\Local\Temp\8e3390168bf21f6566653490cf600f87b640033498d91d8acc29dc1d17a35646.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\8e3390168bf21f6566653490cf600f87b640033498d91d8acc29dc1d17a35646.exe"
  Signature: Suspicious use of WriteProcessMemory
  PID: 1324
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 36
    Signature: Program crash
    PID: 1756