Analysis
- max time kernel: 25s
- max time network: 34s
- platform: windows7_x64
- resource: win7-20221111-en
- resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
- submitted: 23-11-2022 11:20
Static task: static1
Behavioral task: behavioral1
- Sample: c6e3ca7c4e752d2301fa7816b91aeb11ad24f79cf26e6d5f91381ba220fe9acc.exe
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: c6e3ca7c4e752d2301fa7816b91aeb11ad24f79cf26e6d5f91381ba220fe9acc.exe
- Resource: win10v2004-20220812-en
General
- Target: c6e3ca7c4e752d2301fa7816b91aeb11ad24f79cf26e6d5f91381ba220fe9acc.exe
- Size: 75KB
- MD5: a54adaa323962936e53117db4e7fcb9b
- SHA1: bab9ff6b7d9100dce35859439c2d04bad37a8cf2
- SHA256: c6e3ca7c4e752d2301fa7816b91aeb11ad24f79cf26e6d5f91381ba220fe9acc
- SHA512: 1de0a41d53c9d20465c4bca3fc0a38272b38c11284a9b72dad87e801d4f02d3fae826ba8015159ba17bae6648bb56cd21f320f704e5d75f87457ed1a3df731a3
- SSDEEP: 1536:nMDFXFUwRs7lzXawVIy49oCxyHRUyUv0yUMnDfXILIem/ostd:MwwIlzX9VIy49dyHVqRfXIL5Wztd
Malware Config
Signatures
- Program crash 1 IoCs
  Processes: WerFault.exe
  pid | pid_target | process | target process
  2040 | 2020 | WerFault.exe | c6e3ca7c4e752d2301fa7816b91aeb11ad24f79cf26e6d5f91381ba220fe9acc.exe
- Suspicious use of WriteProcessMemory 4 IoCs
  Processes: c6e3ca7c4e752d2301fa7816b91aeb11ad24f79cf26e6d5f91381ba220fe9acc.exe
  description | pid | process | target process
  PID 2020 wrote to memory of 2040 | 2020 | c6e3ca7c4e752d2301fa7816b91aeb11ad24f79cf26e6d5f91381ba220fe9acc.exe | WerFault.exe
  PID 2020 wrote to memory of 2040 | 2020 | c6e3ca7c4e752d2301fa7816b91aeb11ad24f79cf26e6d5f91381ba220fe9acc.exe | WerFault.exe
  PID 2020 wrote to memory of 2040 | 2020 | c6e3ca7c4e752d2301fa7816b91aeb11ad24f79cf26e6d5f91381ba220fe9acc.exe | WerFault.exe
  PID 2020 wrote to memory of 2040 | 2020 | c6e3ca7c4e752d2301fa7816b91aeb11ad24f79cf26e6d5f91381ba220fe9acc.exe | WerFault.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\c6e3ca7c4e752d2301fa7816b91aeb11ad24f79cf26e6d5f91381ba220fe9acc.exe
  "C:\Users\Admin\AppData\Local\Temp\c6e3ca7c4e752d2301fa7816b91aeb11ad24f79cf26e6d5f91381ba220fe9acc.exe"
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 36
    - Program crash