Analysis
-
max time kernel
37s -
max time network
42s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system -
submitted
05-12-2022 10:54
Static task
static1
Behavioral task
behavioral1
Sample
9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe
Resource
win7-20220812-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
2 signatures
150 seconds
General
-
Target
9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe
-
Size
556KB
-
MD5
cafda79c5f626eb242690f84432dea5d
-
SHA1
68d4d2b66cc8d793766511125b821347efd32af9
-
SHA256
9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580
-
SHA512
60c7970f205b18bb733ef7ee3b37b210860acb805865f510ab37b7026baa931d958631ebe09024c654e48cc22dcbc2829272c2560b0a6048f10027d5c7fae391
-
SSDEEP
6144:P3tyzR/0XkbwAxvPFp0Rj1hbbut0YZ7GUvPTECit3ArdKG1MnnjoAbmMsnGqXJFJ:P3ts5RR4zbFeD4CitcnFZVZuy5
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target 1488 900 WerFault.exe 26 -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 900 wrote to memory of 1488 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 27 PID 900 wrote to memory of 1488 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 27 PID 900 wrote to memory of 1488 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 27 PID 900 wrote to memory of 1488 900 9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe 27
Processes
-
C:\Users\Admin\AppData\Local\Temp\9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe"C:\Users\Admin\AppData\Local\Temp\9ea59db72716fa7f4b7b2ffc9af0438be124ef55f11cfd185d4ab0d98d103580.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:900 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 882⤵
- Program crash
PID:1488
-