Analysis
max time kernel
42s
max time network
48s
platform
windows7_x64
resource
win7-20220901-en
resource tags
arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
submitted
05/12/2022, 22:04
Behavioral task
behavioral1
Sample
193c912f6dd6be09c3030bfc102bfe509181e02ccc59a38d4358712f4affe966.exe
Resource
win7-20220901-en
3 signatures
150 seconds
General
Target
193c912f6dd6be09c3030bfc102bfe509181e02ccc59a38d4358712f4affe966.exe
Size
356KB
MD5
73deaa02a442a58e190e810722835f4f
SHA1
feedf067912cd7f7259b5aef7343427e079bf966
SHA256
193c912f6dd6be09c3030bfc102bfe509181e02ccc59a38d4358712f4affe966
SHA512
9be75cf27adcd5c7b7e8f90c67d1c26fa491d31ab5b7116cfbf3f8e291266a08c628b5e46d111774ea1204342055787d5582b6f70a47cce62ebb8e0a45de8291
SSDEEP
6144:ETnjnvrM3mjHGh5Doh9Z5cAea4Jv81E6eiqgq8WfV5vP1:EHn438Hwerea2vEEriXq8WfV
Score
8/10
Malware Config
Signatures
resource: behavioral1/memory/1752-56-0x0000000000400000-0x00000000004B4000-memory.dmp; yara_rule: upx
Program crash 1 IoCs
pid: 1576; pid_target: 1752; Process: WerFault.exe; procid_target: 26
Suspicious use of WriteProcessMemory 4 IoCs
description: PID 1752 wrote to memory of 1576; pid: 1752; Process: 193c912f6dd6be09c3030bfc102bfe509181e02ccc59a38d4358712f4affe966.exe; procid_target: 27
description: PID 1752 wrote to memory of 1576; pid: 1752; Process: 193c912f6dd6be09c3030bfc102bfe509181e02ccc59a38d4358712f4affe966.exe; procid_target: 27
description: PID 1752 wrote to memory of 1576; pid: 1752; Process: 193c912f6dd6be09c3030bfc102bfe509181e02ccc59a38d4358712f4affe966.exe; procid_target: 27
description: PID 1752 wrote to memory of 1576; pid: 1752; Process: 193c912f6dd6be09c3030bfc102bfe509181e02ccc59a38d4358712f4affe966.exe; procid_target: 27
Processes
C:\Users\Admin\AppData\Local\Temp\193c912f6dd6be09c3030bfc102bfe509181e02ccc59a38d4358712f4affe966.exe
"C:\Users\Admin\AppData\Local\Temp\193c912f6dd6be09c3030bfc102bfe509181e02ccc59a38d4358712f4affe966.exe" 1⤵
- Suspicious use of WriteProcessMemory
PID:1752
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 2042⤵
- Program crash
PID:1576