Analysis
max time kernel: 41s
max time network: 44s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system
submitted: 20-01-2023 11:34
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20220812-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20221111-en
windows10-2004-x64
9 signatures
150 seconds
General
Target: file.exe
Size: 693KB
MD5: 2bfb1210836df1f8cd8ad0b23a4e751b
SHA1: a9f0b00f0f237557338a7fdad9be320aff5c914b
SHA256: 6cfc4dfd10e4a160e8d70e9a8178288daff0ec49e39dd5f45f9ea553b94b4a8f
SHA512: 52cb115ec999c2af7a781bd5e42ca8dcb2df9c7660ddf2f8103212bac18f9fbf2610d3593102532dc84b63f790da9f830d5e244ff586277f9b46bbc7522cbc96
SSDEEP: 12288:dM7vTkRj+7mrsHXoVjFlXWRFrvUo9qU7wL/K0ifFAdEB3aB/Ksq/Ksd/KsS:di2j+UQ4FFYrvMQS//kUQ3gidi
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exe
pid | pid_target | process | target process
1204 | 856 | WerFault.exe | file.exe
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
file.exe
description | pid | process | target process
PID 856 wrote to memory of 1204 | 856 | file.exe | WerFault.exe
PID 856 wrote to memory of 1204 | 856 | file.exe | WerFault.exe
PID 856 wrote to memory of 1204 | 856 | file.exe | WerFault.exe