Analysis
max time kernel: 42s
max time network: 46s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system
submitted: 09-02-2023 05:40
Behavioral task behavioral1
Sample: 013a3110f4980097af0dd1a091181565b1b2ea29ead9fe960fc0c38358278d82.exe
Resource: win7-20220812-en
Behavioral task behavioral2
Sample: 013a3110f4980097af0dd1a091181565b1b2ea29ead9fe960fc0c38358278d82.exe
Resource: win10v2004-20220812-en
General
Target: 013a3110f4980097af0dd1a091181565b1b2ea29ead9fe960fc0c38358278d82.exe
Size: 5.0MB
MD5: d85977e42b3104b4f170d38d205fa245
SHA1: f8c9a471cb588af86fe7df261fde4fb7e23fec0d
SHA256: 013a3110f4980097af0dd1a091181565b1b2ea29ead9fe960fc0c38358278d82
SHA512: 34df13c448374690aa8e5001b398c16c6be26d782fe31dc8bb1e14baacb395770ef8207a9512c87c4e6c84e37987c91228cd08e7f1e5c604cbe889788133cfef
SSDEEP: 98304:IzoGZR6vxb0pbLnVcDtZmIwMFFpqqq4V1sdSHNl0H/MqzDpNhHiA8aQpnZS2c:I0VpIFcxZ53qqq+sdUl69NdiApiE2
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
  pid   pid_target  process       target process
  1220  1488        WerFault.exe  013a3110f4980097af0dd1a091181565b1b2ea29ead9fe960fc0c38358278d82.exe
Note: WerFault.exe (PID 1220) is Windows Error Reporting handling a fault in the sample (PID 1488); its command line in the process tree below (-u -p 1488 -s 600) names 1488 as the crashed process. The sample therefore terminated abnormally on this Windows 7 image, and the behaviour recorded in this run covers only what executed before the fault.
-
Suspicious use of SetWindowsHookEx 3 IoCs
Processes:
  pid   process
  1488  013a3110f4980097af0dd1a091181565b1b2ea29ead9fe960fc0c38358278d82.exe
  1488  013a3110f4980097af0dd1a091181565b1b2ea29ead9fe960fc0c38358278d82.exe
  1488  013a3110f4980097af0dd1a091181565b1b2ea29ead9fe960fc0c38358278d82.exe
Note: all three hook installations come from the sample itself (PID 1488). SetWindowsHookEx is the API keyloggers use to capture input, but GUI frameworks call it routinely as well; the hook type would be needed to tell the two apart, and the report does not record it.
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes:
  description                       pid   process                                                               target process
  PID 1488 wrote to memory of 1732  1488  013a3110f4980097af0dd1a091181565b1b2ea29ead9fe960fc0c38358278d82.exe  splwow64.exe
  PID 1488 wrote to memory of 1732  1488  013a3110f4980097af0dd1a091181565b1b2ea29ead9fe960fc0c38358278d82.exe  splwow64.exe
  PID 1488 wrote to memory of 1732  1488  013a3110f4980097af0dd1a091181565b1b2ea29ead9fe960fc0c38358278d82.exe  splwow64.exe
  PID 1488 wrote to memory of 1732  1488  013a3110f4980097af0dd1a091181565b1b2ea29ead9fe960fc0c38358278d82.exe  splwow64.exe
  PID 1488 wrote to memory of 1220  1488  013a3110f4980097af0dd1a091181565b1b2ea29ead9fe960fc0c38358278d82.exe  WerFault.exe
  PID 1488 wrote to memory of 1220  1488  013a3110f4980097af0dd1a091181565b1b2ea29ead9fe960fc0c38358278d82.exe  WerFault.exe
  PID 1488 wrote to memory of 1220  1488  013a3110f4980097af0dd1a091181565b1b2ea29ead9fe960fc0c38358278d82.exe  WerFault.exe
  PID 1488 wrote to memory of 1220  1488  013a3110f4980097af0dd1a091181565b1b2ea29ead9fe960fc0c38358278d82.exe  WerFault.exe
Note: every write targets a process the sample had just created itself: four into splwow64.exe (PID 1732) and four into WerFault.exe (PID 1220), both listed as children of PID 1488 in the process tree. A parent writing into a child it is still setting up is part of normal process creation, so these entries on their own are not evidence of injection into an unrelated process. splwow64.exe is the Windows print driver host that 64-bit Windows starts on behalf of 32-bit applications that use the print spooler, and WerFault.exe is the crash handler from the first signature.
Processes
-
C:\Users\Admin\AppData\Local\Temp\013a3110f4980097af0dd1a091181565b1b2ea29ead9fe960fc0c38358278d82.exe (PID 1488)
  command line: "C:\Users\Admin\AppData\Local\Temp\013a3110f4980097af0dd1a091181565b1b2ea29ead9fe960fc0c38358278d82.exe"
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  -
  C:\Windows\splwow64.exe (PID 1732)
    command line: C:\Windows\splwow64.exe 12288
  -
  C:\Windows\SysWOW64\WerFault.exe (PID 1220)
    command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 600
    - Program crash
Note: both child processes sit directly under PID 1488. The crash was handled by the SysWOW64 copy of WerFault.exe, which Windows uses for 32-bit faulting processes, and splwow64.exe exists only to serve 32-bit callers, so the sample ran as a 32-bit (WoW64) process on this 64-bit image.
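The WriteProcessMemory signature above only becomes meaningful once each write is checked against the process tree. The following Python script is an added example and is not part of the sandbox report: it parses the eight "PID A wrote to memory of B" entries in the flattened form the report uses, then labels each target either as a child the writer spawned itself (what CreateProcess does while setting up a new process) or as a foreign process (the pattern to treat as injection), and separately recognises a WerFault.exe launched for the writer's own crash. The IoC strings and the three process-tree entries are copied from this report; the tuple layout of the tree, the regular expressions and all function names are the example's own assumptions.

```python
"""Classify WriteProcessMemory IoCs from a sandbox report against its process tree.

Added example, not part of the original report. Input strings are copied from
the report; the data layout and function names are this example's own.
"""
import re
from collections import Counter, namedtuple

SAMPLE = "013a3110f4980097af0dd1a091181565b1b2ea29ead9fe960fc0c38358278d82.exe"

# Constructed input: the eight "wrote to memory" entries from the report,
# one per line, in the flattened form the sandbox prints them.
WPM_IOCS = "\n".join(
    [f"PID 1488 wrote to memory of 1732 1488 {SAMPLE} splwow64.exe"] * 4
    + [f"PID 1488 wrote to memory of 1220 1488 {SAMPLE} WerFault.exe"] * 4
)

# Constructed input: the report's process tree as (pid, parent pid, image,
# command line). The sample is the root; the other two are its children.
PROCESS_TREE = [
    (1488, None, SAMPLE, f'"C:\\Users\\Admin\\AppData\\Local\\Temp\\{SAMPLE}"'),
    (1732, 1488, "splwow64.exe", "C:\\Windows\\splwow64.exe 12288"),
    (1220, 1488, "WerFault.exe", "C:\\Windows\\SysWOW64\\WerFault.exe -u -p 1488 -s 600"),
]

Write = namedtuple("Write", "pid target_pid process target_process")

# "PID <pid> wrote to memory of <target> <pid> <process> <target process>"
_WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) (\S+)")


def parse_wpm_iocs(text):
    """Parse flattened WriteProcessMemory entries into Write records."""
    return [Write(int(m.group(1)), int(m.group(2)), m.group(3), m.group(4))
            for m in _WPM_RE.finditer(text)]


def classify_writes(writes, tree):
    """Aggregate writes per (writer, target) and label the relationship.

    'own-child'  : the target's parent is the writer (normal process setup)
    'foreign'    : the target is not a child of the writer (injection candidate)
    """
    parent_of = {pid: ppid for pid, ppid, _, _ in tree}
    counts = Counter((w.pid, w.target_pid, w.target_process) for w in writes)
    result = []
    for (pid, target, image), n in sorted(counts.items()):
        kind = "own-child" if parent_of.get(target) == pid else "foreign"
        result.append({"pid": pid, "target_pid": target, "target": image,
                       "writes": n, "kind": kind})
    return result


def crash_handler_targets(writes, tree):
    """Target pids that are a WerFault.exe started for the writer's own fault.

    WerFault's '-p <pid>' argument names the faulting process; when it equals
    the writer, the write is Windows Error Reporting, not the sample's choice.
    """
    cmdline = {pid: cl for pid, _, _, cl in tree}
    targets = set()
    for w in writes:
        m = re.search(r"WerFault\.exe .*-p (\d+)", cmdline.get(w.target_pid, ""))
        if m and int(m.group(1)) == w.pid:
            targets.add(w.target_pid)
    return targets


def injection_suspects(writes, tree):
    """Writes that go neither to an own child nor to the crash handler."""
    wer = crash_handler_targets(writes, tree)
    return [c for c in classify_writes(writes, tree)
            if c["kind"] == "foreign" and c["target_pid"] not in wer]


if __name__ == "__main__":
    writes = parse_wpm_iocs(WPM_IOCS)
    for entry in classify_writes(writes, PROCESS_TREE):
        print(entry)
    print("crash handler targets:", crash_handler_targets(writes, PROCESS_TREE))
    print("injection suspects:", injection_suspects(writes, PROCESS_TREE))
```

For this report the script yields two own-child targets and no injection suspects. The same functions flag a write into a process outside the writer's subtree (for example an existing explorer.exe) as foreign, which is the case that deserves a closer look.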