Analysis
max time kernel: 102s
max time network: 105s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
submitted: 13-01-2023 18:29
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20221111-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
2 signatures
150 seconds
General
Target: file.exe
Size: 3.5MB
MD5: 36a851f66225a2a17b500bb8d5a4cb85
SHA1: 32aa1bba16dfe77644885fccd488d6d67da06c77
SHA256: 22dc8f285c6a295d04d819bbcf8b2a9921536d28b40e15bdec32c9b02e44865e
SHA512: 647e32ef94d48d067f3fc93789fb6dd425dc2acb7bc0757f7e4460a5602c9eaefa878f7555f219e77b10a1b1ced3a1ea7db42225b6af0be17b99a138a1a73165
SSDEEP: 98304:b/E8A4wD6rM9DvlBYtA8mqMYE/T/GoTG6ri5l7+FZAeWqIq7P7CbM5zD6sILTjbV:g3T/md5h+tP9i4osI3jhMSN
Score
6/10
Malware Config
Signatures
Looks up external IP address via web service (2 IoCs)
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes:
flow    ioc
2       ipinfo.io
1       ipinfo.io

Program crash (1 IoCs)
Processes: WerFault.exe
pid     pid_target    process         target process
1476    788           WerFault.exe    file.exe

Suspicious use of WriteProcessMemory (4 IoCs)
Processes: file.exe
description                        pid    process     target process
PID 788 wrote to memory of 1476    788    file.exe    WerFault.exe
PID 788 wrote to memory of 1476    788    file.exe    WerFault.exe
PID 788 wrote to memory of 1476    788    file.exe    WerFault.exe
PID 788 wrote to memory of 1476    788    file.exe    WerFault.exe