Analysis
max time kernel: 35s
max time network: 42s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 12-02-2023 16:51
Static task: static1

Behavioral task: behavioral1
Sample: tmp.exe
Resource: win7-20220812-en (windows7-x64)
2 signatures
150 seconds

Behavioral task: behavioral2
Sample: tmp.exe
Resource: win10v2004-20220901-en (windows10-2004-x64)
5 signatures
150 seconds
General
Target: tmp.exe
Size: 394KB
MD5: d74c5647d791583241baa5061e0063c9
SHA1: e404c6041dca2f3b767231e38dfca8faecca10ca
SHA256: bac6488f76da4691540401614bc665dfc5bec8d875cb26e72870c65ac43fe268
SHA512: 7a60a3dc49c64f35a7d9b8838e45cb687f023778f65feb3c89d2465306bf1bfc300022e0ac1fbc7c2f5f8c69ce6b2bf78cabf2519a0919552d14ea4734ab579e
SSDEEP: 12288:rkNkHyWEXeqvQYVby7+OLn2yTp/uzdGDHpc:skDqvQYV+qOL2y9/uzdGL
Score: 3/10
Malware Config
Signatures
Program crash (1 IoCs)
Processes: WerFault.exe
pid   pid_target  process       target process
1988  1044        WerFault.exe  tmp.exe
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: tmp.exe
description                       pid   process  target process
PID 1044 wrote to memory of 1988  1044  tmp.exe  WerFault.exe
PID 1044 wrote to memory of 1988  1044  tmp.exe  WerFault.exe
PID 1044 wrote to memory of 1988  1044  tmp.exe  WerFault.exe