Analysis
max time kernel: 40s
max time network: 47s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 23-11-2022 21:14
Static task
static1
Behavioral task
behavioral1
Sample
e877a8dc2909b397dffd106228fcc390e573be03c4f2c8f0d13cd42c022af3e6.exe
Resource
win7-20220812-en
windows7-x64
2 signatures
150 seconds
General
Target: e877a8dc2909b397dffd106228fcc390e573be03c4f2c8f0d13cd42c022af3e6.exe
Size: 902KB
MD5: 4c1d2266f813a4c181e42302698dab20
SHA1: c2c058aaf814478520f7b89ddc1e44d15ae19847
SHA256: e877a8dc2909b397dffd106228fcc390e573be03c4f2c8f0d13cd42c022af3e6
SHA512: 98e612a4376a32af2e5dbfab652cc027f41142a5261959926f4118080f1121b70b5892b69c3a0da3ff3151df7986b21e6aff5712d4642360a33626d0bee70577
SSDEEP: 12288:tflmx9S5j5n8u3SE+JlLOJVK7UEaM5SO4zg4vPcHOps:ttZ3UJROJV7RFfcHOps
Score: 3/10
Malware Config
Signatures
Program crash (1 IoCs)
Processes: WerFault.exe
pid | pid_target | process | target process
1072 | 1916 | WerFault.exe | e877a8dc2909b397dffd106228fcc390e573be03c4f2c8f0d13cd42c022af3e6.exe

Suspicious use of WriteProcessMemory (4 IoCs)
Processes: e877a8dc2909b397dffd106228fcc390e573be03c4f2c8f0d13cd42c022af3e6.exe
description | pid | process | target process
PID 1916 wrote to memory of 1072 | 1916 | e877a8dc2909b397dffd106228fcc390e573be03c4f2c8f0d13cd42c022af3e6.exe | WerFault.exe
PID 1916 wrote to memory of 1072 | 1916 | e877a8dc2909b397dffd106228fcc390e573be03c4f2c8f0d13cd42c022af3e6.exe | WerFault.exe
PID 1916 wrote to memory of 1072 | 1916 | e877a8dc2909b397dffd106228fcc390e573be03c4f2c8f0d13cd42c022af3e6.exe | WerFault.exe
PID 1916 wrote to memory of 1072 | 1916 | e877a8dc2909b397dffd106228fcc390e573be03c4f2c8f0d13cd42c022af3e6.exe | WerFault.exe
Processes
C:\Users\Admin\AppData\Local\Temp\e877a8dc2909b397dffd106228fcc390e573be03c4f2c8f0d13cd42c022af3e6.exe
"C:\Users\Admin\AppData\Local\Temp\e877a8dc2909b397dffd106228fcc390e573be03c4f2c8f0d13cd42c022af3e6.exe"
- Suspicious use of WriteProcessMemory
PID: 1916
    C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 164
    - Program crash
    PID: 1072