Analysis
-
max time kernel
43s -
max time network
46s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system -
submitted
12-12-2022 12:25
Behavioral task
behavioral1
Sample
JHGSD37623.exe
Resource
win7-20220812-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
JHGSD37623.exe
Resource
win10v2004-20220901-en
windows10-2004-x64
15 signatures
150 seconds
General
-
Target
JHGSD37623.exe
-
Size
537KB
-
MD5
43f232536b413ebf169141944069ae77
-
SHA1
0efc90691d45072ddd595cc4c2258e2f4bea42de
-
SHA256
a227c96af593108664720742c60c200d370094fb1c2acf8ff5516611917f2c64
-
SHA512
3adb48ae6dcdfbea2ac3bea9439e1d5d44884a3a5d5f3ac31ff9ad7a437f8a877a4ca8a1eda9213d4bced7e5c1181a0197aa957d422620a83fbbc745b0f470f6
-
SSDEEP
12288:g4lThwQGIQilGzWTifG1g6eUtEsx1P5W1Zrr004mTbtoMA:RlTOFq7TifGG66sv5W1Zrndbt
Score
8/10
Malware Config
Signatures
-
Processes:
resource | yara_rule
behavioral1/memory/1196-55-0x000000013F090000-0x000000013F1F3000-memory.dmp | upx
Program crash 1 IoCs
Processes:
WerFault.exe
pid | pid_target | process | target process
884 | 1196 | WerFault.exe | JHGSD37623.exe
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
JHGSD37623.exe
description | pid | process | target process
PID 1196 wrote to memory of 884 | 1196 | JHGSD37623.exe | WerFault.exe
PID 1196 wrote to memory of 884 | 1196 | JHGSD37623.exe | WerFault.exe
PID 1196 wrote to memory of 884 | 1196 | JHGSD37623.exe | WerFault.exe