Analysis
max time kernel: 45s
max time network: 50s
platform: windows7_x64
resource: win7-20220901-en
resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
submitted: 24-11-2022 19:40
Static task: static1
Behavioral task: behavioral1
  Sample: c313db7d3ae70272b72eebcec00c990a89c9a554e67e5bf6b50e638232fc919e.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: c313db7d3ae70272b72eebcec00c990a89c9a554e67e5bf6b50e638232fc919e.exe
  Resource: win10v2004-20221111-en
General
Target: c313db7d3ae70272b72eebcec00c990a89c9a554e67e5bf6b50e638232fc919e.exe
Size: 244KB
MD5: 5feef2236736c87bdd4e22dae28baf20
SHA1: 5a2e2bcfb448fdf2dc9151e6b8792773e5cbe55f
SHA256: c313db7d3ae70272b72eebcec00c990a89c9a554e67e5bf6b50e638232fc919e
SHA512: 05485c3244c6ef31e44ef64aec2328409be60e89ccf9158ea8cfc68e45759458d15627ae67bad226c03fd5e0af360765bf9449d3afcb8af8cf2875f78dd80bd7
SSDEEP: 3072:PYujGyjmrXFF8bIFebOyjmrlyjmrOWMsKkjdJo4QCjyjmrZS+:PYujEb8mew1oCrE+
Malware Config
Signatures
Program crash: 1 IoCs
  Processes: WerFault.exe
    pid: 1420; pid_target: 1600; process: WerFault.exe; target process: c313db7d3ae70272b72eebcec00c990a89c9a554e67e5bf6b50e638232fc919e.exe
Suspicious use of WriteProcessMemory: 4 IoCs
  Processes: c313db7d3ae70272b72eebcec00c990a89c9a554e67e5bf6b50e638232fc919e.exe
    description: PID 1600 wrote to memory of 1420; pid: 1600; process: c313db7d3ae70272b72eebcec00c990a89c9a554e67e5bf6b50e638232fc919e.exe; target process: WerFault.exe
    description: PID 1600 wrote to memory of 1420; pid: 1600; process: c313db7d3ae70272b72eebcec00c990a89c9a554e67e5bf6b50e638232fc919e.exe; target process: WerFault.exe
    description: PID 1600 wrote to memory of 1420; pid: 1600; process: c313db7d3ae70272b72eebcec00c990a89c9a554e67e5bf6b50e638232fc919e.exe; target process: WerFault.exe
    description: PID 1600 wrote to memory of 1420; pid: 1600; process: c313db7d3ae70272b72eebcec00c990a89c9a554e67e5bf6b50e638232fc919e.exe; target process: WerFault.exe
Processes
1. C:\Users\Admin\AppData\Local\Temp\c313db7d3ae70272b72eebcec00c990a89c9a554e67e5bf6b50e638232fc919e.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\c313db7d3ae70272b72eebcec00c990a89c9a554e67e5bf6b50e638232fc919e.exe"
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 552
      - Program crash