Analysis
max time kernel
30s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags
arch:x64 arch:x86 image:win7-20230220-en locale:en-us os:windows7-x64 system
submitted
13-04-2023 12:34
Static task
static1
Behavioral task
behavioral1
Sample
tmp.exe
Resource
win7-20230220-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
tmp.exe
Resource
win10v2004-20230220-en
windows10-2004-x64
6 signatures
150 seconds
General
Target
tmp.exe
Size
394KB
MD5
d74c5647d791583241baa5061e0063c9
SHA1
e404c6041dca2f3b767231e38dfca8faecca10ca
SHA256
bac6488f76da4691540401614bc665dfc5bec8d875cb26e72870c65ac43fe268
SHA512
7a60a3dc49c64f35a7d9b8838e45cb687f023778f65feb3c89d2465306bf1bfc300022e0ac1fbc7c2f5f8c69ce6b2bf78cabf2519a0919552d14ea4734ab579e
SSDEEP
12288:rkNkHyWEXeqvQYVby7+OLn2yTp/uzdGDHpc:skDqvQYV+qOL2y9/uzdGL
Score
3/10
Malware Config
Signatures
Program crash 1 IoCs
Processes: WerFault.exe
pid | pid_target | process | target process
1040 | 1088 | WerFault.exe | tmp.exe
Suspicious use of WriteProcessMemory 3 IoCs
Processes: tmp.exe
description | pid | process | target process
PID 1088 wrote to memory of 1040 | 1088 | tmp.exe | WerFault.exe
PID 1088 wrote to memory of 1040 | 1088 | tmp.exe | WerFault.exe
PID 1088 wrote to memory of 1040 | 1088 | tmp.exe | WerFault.exe