Analysis
max time kernel: 31s
max time network: 33s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64 arch:x86 image:win7-20221111-en locale:en-us os:windows7-x64 system
submitted: 27-12-2022 19:54
Behavioral task: behavioral1
Sample: cb80fb19380b3dd20032763daa460af4452eebd7.exe
Resource: win7-20221111-en
windows7-x64
2 signatures
150 seconds
Behavioral task: behavioral2
Sample: cb80fb19380b3dd20032763daa460af4452eebd7.exe
Resource: win10v2004-20220901-en
windows10-2004-x64
1 signatures
150 seconds
General
Target: cb80fb19380b3dd20032763daa460af4452eebd7.exe
Size: 2.3MB
MD5: 5ab956806ec2e729b2c9c260ee3139f2
SHA1: cb80fb19380b3dd20032763daa460af4452eebd7
SHA256: ffae7d880fcb139d03941e1bc658ce463e179435f438d945c74067fe291beb23
SHA512: 14e1c8e2903f213596841475fd0778628f4af70d8c31dc80e614131cd886a81c767ed2baef2f985c67f3d0bd041971234de9a6a117410ad691895b431c07ce68
SSDEEP: 49152:D0h8WyLIxcxU0oQGqmIHyPFUI/G7y3NmbzoZAXCRWlR1ObMy1TKik:D0htUIOxUXlIHuaf7y3gz1KbM
Score: 3/10
Malware Config
Signatures
Program crash (1 IoCs)
Processes: WerFault.exe
pid | pid_target | process | target process
532 | 1700 | WerFault.exe | cb80fb19380b3dd20032763daa460af4452eebd7.exe
Suspicious use of WriteProcessMemory (4 IoCs)
Processes: cb80fb19380b3dd20032763daa460af4452eebd7.exe
description | pid | process | target process
PID 1700 wrote to memory of 532 | 1700 | cb80fb19380b3dd20032763daa460af4452eebd7.exe | WerFault.exe
PID 1700 wrote to memory of 532 | 1700 | cb80fb19380b3dd20032763daa460af4452eebd7.exe | WerFault.exe
PID 1700 wrote to memory of 532 | 1700 | cb80fb19380b3dd20032763daa460af4452eebd7.exe | WerFault.exe
PID 1700 wrote to memory of 532 | 1700 | cb80fb19380b3dd20032763daa460af4452eebd7.exe | WerFault.exe
Processes
C:\Users\Admin\AppData\Local\Temp\cb80fb19380b3dd20032763daa460af4452eebd7.exe
"C:\Users\Admin\AppData\Local\Temp\cb80fb19380b3dd20032763daa460af4452eebd7.exe"
- Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 152
    - Program crash