Analysis
max time kernel: 2s
max time network: 34s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
submitted: 30-11-2022 14:58
Behavioral task: behavioral1
Sample: b27f6eb1dc90fc2f6812ec6f72ce1d02cd73278530d74d54eeb4b3b24d32d8b5.exe
Resource: win7-20221111-en
windows7-x64
3 signatures
150 seconds
General
Target: b27f6eb1dc90fc2f6812ec6f72ce1d02cd73278530d74d54eeb4b3b24d32d8b5.exe
Size: 42KB
MD5: f2008bffad5ccf9cd33e507aa09115e6
SHA1: 9263848ea90eedf58a90ba16a4ef13e0e5a8f33d
SHA256: b27f6eb1dc90fc2f6812ec6f72ce1d02cd73278530d74d54eeb4b3b24d32d8b5
SHA512: b9aaaf9ef49938fcc1633f53e6ee6a5a3317acfa852f5eafb673239c4df0421ed355d574132663530939da180928dcc80e2b7e53c4e9395b66660d31f92979fb
SSDEEP: 768:J1zdC9wQCSVsjYj4rJbsfE6CqLw4B4oqYaoCujbfLP1rB:fcVVsjYUrJbHp54B4oqECCbfLdl
Malware Config
Signatures
Program crash 1 IoCs
Processes: WerFault.exe
pid | pid_target | process | target process
844 | 1788 | WerFault.exe | b27f6eb1dc90fc2f6812ec6f72ce1d02cd73278530d74d54eeb4b3b24d32d8b5.exe
Suspicious use of WriteProcessMemory 3 IoCs
Processes: b27f6eb1dc90fc2f6812ec6f72ce1d02cd73278530d74d54eeb4b3b24d32d8b5.exe
description | pid | process | target process
PID 1788 wrote to memory of 844 | 1788 | b27f6eb1dc90fc2f6812ec6f72ce1d02cd73278530d74d54eeb4b3b24d32d8b5.exe | WerFault.exe
PID 1788 wrote to memory of 844 | 1788 | b27f6eb1dc90fc2f6812ec6f72ce1d02cd73278530d74d54eeb4b3b24d32d8b5.exe | WerFault.exe
PID 1788 wrote to memory of 844 | 1788 | b27f6eb1dc90fc2f6812ec6f72ce1d02cd73278530d74d54eeb4b3b24d32d8b5.exe | WerFault.exe
Processes
"C:\Users\Admin\AppData\Local\Temp\b27f6eb1dc90fc2f6812ec6f72ce1d02cd73278530d74d54eeb4b3b24d32d8b5.exe"
- Suspicious use of WriteProcessMemory
  C:\Windows\system32\WerFault.exe -u -p 1788 -s 512
  - Program crash