Analysis
-
max time kernel
274s -
max time network
275s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system -
submitted
28-11-2022 17:58
Static task
static1
Behavioral task
behavioral1
Sample
3182e0e2a49f2b8aa0aca0fda10db1e2457e81d055a30335cece726e81f5bb09.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
3182e0e2a49f2b8aa0aca0fda10db1e2457e81d055a30335cece726e81f5bb09.exe
Resource
win10v2004-20221111-en
General
-
Target
3182e0e2a49f2b8aa0aca0fda10db1e2457e81d055a30335cece726e81f5bb09.exe
-
Size
410KB
-
MD5
3b194b104e8a9bbe2a24ef2de65a354e
-
SHA1
f4700c00fb928844b719e60bd1ad9708a013bf9d
-
SHA256
3182e0e2a49f2b8aa0aca0fda10db1e2457e81d055a30335cece726e81f5bb09
-
SHA512
3044217c8663d1b193188e3fa4e6222a4ae9f9c7b64a37a69d729d405e3715280eb8a31b036f6cca75afb6658cd3916dab5f435f241057c6fd9cbadac32b1e64
-
SSDEEP
6144:lIYgyLGFAOZrVfwZDGkU9P47K9X9L+IpC0dgZ/865:iYbLYnV6dG+/cO/8
Malware Config
Signatures
-
Program crash 2 IoCs
Processes:
WerFault.exeWerFault.exepid pid_target process target process 3656 1628 WerFault.exe 3182e0e2a49f2b8aa0aca0fda10db1e2457e81d055a30335cece726e81f5bb09.exe 1260 1628 WerFault.exe 3182e0e2a49f2b8aa0aca0fda10db1e2457e81d055a30335cece726e81f5bb09.exe -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
3182e0e2a49f2b8aa0aca0fda10db1e2457e81d055a30335cece726e81f5bb09.exedescription pid process target process PID 1628 wrote to memory of 3656 1628 3182e0e2a49f2b8aa0aca0fda10db1e2457e81d055a30335cece726e81f5bb09.exe WerFault.exe PID 1628 wrote to memory of 3656 1628 3182e0e2a49f2b8aa0aca0fda10db1e2457e81d055a30335cece726e81f5bb09.exe WerFault.exe PID 1628 wrote to memory of 3656 1628 3182e0e2a49f2b8aa0aca0fda10db1e2457e81d055a30335cece726e81f5bb09.exe WerFault.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\3182e0e2a49f2b8aa0aca0fda10db1e2457e81d055a30335cece726e81f5bb09.exe"C:\Users\Admin\AppData\Local\Temp\3182e0e2a49f2b8aa0aca0fda10db1e2457e81d055a30335cece726e81f5bb09.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 3242⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 3242⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 1628 -ip 16281⤵