Analysis
-
max time kernel
31s -
max time network
33s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
arch:x64 arch:x86 image:win7-20221111-en locale:en-us os:windows7-x64 system -
submitted
21-01-2023 08:20
Static task
static1
Behavioral task
behavioral1
Sample
4f574f096b3f398ba57f5ee6c4cdd359.exe
Resource
win7-20221111-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
4f574f096b3f398ba57f5ee6c4cdd359.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
8 signatures
150 seconds
General
-
Target
4f574f096b3f398ba57f5ee6c4cdd359.exe
-
Size
1.4MB
-
MD5
4f574f096b3f398ba57f5ee6c4cdd359
-
SHA1
eeec23e1f1108b237cf1e0b06518fb831d1bee8c
-
SHA256
b6ff94943387d2c87a943f0467524529892eaa4a3195312e6186da7beb4afa5e
-
SHA512
cdea21588e3a8ee2781255f8a5268e8678adb24536ecf489ddeb3dff6cefa91bc84cd349f3c3aab8019e59506022269ea94f124f4d1085bb39918a2adcb5c066
-
SSDEEP
24576:KGgUpn7BeYfAjXxo8wWvH5aO5iBrFYPYt79Q:KGVjIjaWxaOCrFl6
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exe
pid: 1644; pid_target: 792; process: WerFault.exe; target process: 4f574f096b3f398ba57f5ee6c4cdd359.exe
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
4f574f096b3f398ba57f5ee6c4cdd359.exe
description: PID 792 wrote to memory of 1644; pid: 792; process: 4f574f096b3f398ba57f5ee6c4cdd359.exe; target process: WerFault.exe
description: PID 792 wrote to memory of 1644; pid: 792; process: 4f574f096b3f398ba57f5ee6c4cdd359.exe; target process: WerFault.exe
description: PID 792 wrote to memory of 1644; pid: 792; process: 4f574f096b3f398ba57f5ee6c4cdd359.exe; target process: WerFault.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\4f574f096b3f398ba57f5ee6c4cdd359.exe
"C:\Users\Admin\AppData\Local\Temp\4f574f096b3f398ba57f5ee6c4cdd359.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:792 -
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 792 -s 584
2⤵
- Program crash
PID:1644