Analysis
max time kernel: 42s
max time network: 46s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 24-01-2023 15:51
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20220812-en
windows7-x64
4 signatures
150 seconds
General
Target: file.exe
Size: 5.5MB
MD5: 36e404e81aa3f4682eedf6536507d91b
SHA1: 116a1aaa2e4a06cb97395225ccabe6b0d66e4be6
SHA256: 2cc249a2be6c8f60714f21e8d0b4d4dc6cbda4cde7acfbfbfc1fca9e93778d84
SHA512: 85cadf3b80c69e4e1b8b81b1c9ea45722c7aa14d2ece3950b762c2cc350805c8f2bd80ba9ab71d2f7c58046cb6f0d0be3f1dae77962c14125cc8a5feef439746
SSDEEP: 98304:eDVp+Z/vQvvPn/pPBwYOb79BD+17rpEd6R3ubV3SDfJtLzlkCAdsOuwrGfhaFEti:eDVp+Z/vQvvPn/puZBD+17rpEd6R3ubL
Malware Config
Signatures
NetWire RAT payload 1 IoCs
Processes:
resource | yara_rule
behavioral1/memory/884-54-0x0000000001330000-0x00000000018AC000-memory.dmp | netwire
Program crash 1 IoCs
Processes:
WerFault.exe
pid | pid_target | process | target process
2028 | 884 | WerFault.exe | file.exe
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
file.exe
description | pid | process | target process
PID 884 wrote to memory of 2028 | 884 | file.exe | WerFault.exe
PID 884 wrote to memory of 2028 | 884 | file.exe | WerFault.exe
PID 884 wrote to memory of 2028 | 884 | file.exe | WerFault.exe
PID 884 wrote to memory of 2028 | 884 | file.exe | WerFault.exe