Analysis
-
max time kernel
31s -
max time network
34s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
arch:x64 arch:x86 image:win7-20230220-en locale:en-us os:windows7-x64 system -
submitted
16-03-2023 16:09
Behavioral task
behavioral1
Sample
b6d606de45f89345164819223d2a5e08.exe
Resource
win7-20230220-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
b6d606de45f89345164819223d2a5e08.exe
Resource
win10v2004-20230220-en
windows10-2004-x64
2 signatures
150 seconds
General
-
Target
b6d606de45f89345164819223d2a5e08.exe
-
Size
237KB
-
MD5
b6d606de45f89345164819223d2a5e08
-
SHA1
bf4ab211a40645cdebeac961b47a70fa1728ab7f
-
SHA256
b3b9f649e48152197eb0e08c73f41fd150f9a7c8356b43d681a4054350b9f2aa
-
SHA512
dd4bb00b0777f8cd017c594b53c7f85869f9886706ceb2267b0635b118a21a5e020f9e471104e271a40a2f449d680eb009a85d3d0f34132bd0db65020484dde0
-
SSDEEP
6144:CH4j3ERSVvZrpd386J+zOlc20ppOB9kmFzG1lF:CY7ERQRrpd3y/2sOB9kmZof
Score
7/10
Malware Config
Signatures
-
Processes:
resource / yara_rule
behavioral1/memory/1736-54-0x000000013F3B0000-0x000000013F434000-memory.dmp / vmprotect
behavioral1/memory/1736-56-0x000000013F3B0000-0x000000013F434000-memory.dmp / vmprotect
-
Program crash 1 IoCs
Processes:
WerFault.exe
pid / pid_target / process / target process
2044 / 1736 / WerFault.exe / b6d606de45f89345164819223d2a5e08.exe
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
b6d606de45f89345164819223d2a5e08.exe
description / pid / process / target process
PID 1736 wrote to memory of 2044 / 1736 / b6d606de45f89345164819223d2a5e08.exe / WerFault.exe
PID 1736 wrote to memory of 2044 / 1736 / b6d606de45f89345164819223d2a5e08.exe / WerFault.exe
PID 1736 wrote to memory of 2044 / 1736 / b6d606de45f89345164819223d2a5e08.exe / WerFault.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\b6d606de45f89345164819223d2a5e08.exe
"C:\Users\Admin\AppData\Local\Temp\b6d606de45f89345164819223d2a5e08.exe"
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1736 -s 68
- Program crash