c389139527daefe984a1e53875c8935ec1aaa7804ea8b3f2238d7e6a6550ed6f

Analysis

max time kernel
35s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
24-11-2022 19:35

Target

SecuriteInfo.com.Worm.Win32.Nuqel.28121.19847.exe
Size

580KB
MD5

8494afb813f1f5b79b727998e07c5eca
SHA1

88c1fbb2d092037537321b8b12b9aec9b30787d6
SHA256

c389139527daefe984a1e53875c8935ec1aaa7804ea8b3f2238d7e6a6550ed6f
SHA512

6b07a400da861bba77354d76da3b68e9f38186559713daa0bce39437d2e37d8d94d2346e51c5e52d068face2817cd12d1963333e04ede262e266b567079d4be7
SSDEEP

6144:1+0L0FO4KfsbBKH4AFaxgBHjB3rwErbr0pr6pr0TWRA4cxtSN+y0Ko:2OPfs1KH4AxBHjhbr0UpI4cxtSNJk

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1704 1928 WerFault.exe SecuriteInfo.com.Worm.Win32.Nuqel.28121.19847.exe

pid	pid_target	process	target process
1704	1928	WerFault.exe	SecuriteInfo.com.Worm.Win32.Nuqel.28121.19847.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

SecuriteInfo.com.Worm.Win32.Nuqel.28121.19847.exe

description	pid	process	target process
PID 1928 wrote to memory of 1704	1928	SecuriteInfo.com.Worm.Win32.Nuqel.28121.19847.exe	WerFault.exe
PID 1928 wrote to memory of 1704	1928	SecuriteInfo.com.Worm.Win32.Nuqel.28121.19847.exe	WerFault.exe
PID 1928 wrote to memory of 1704	1928	SecuriteInfo.com.Worm.Win32.Nuqel.28121.19847.exe	WerFault.exe
PID 1928 wrote to memory of 1704	1928	SecuriteInfo.com.Worm.Win32.Nuqel.28121.19847.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Worm.Win32.Nuqel.28121.19847.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Worm.Win32.Nuqel.28121.19847.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 36
2⤵
- Program crash
PID:1704