Analysis
max time kernel: 30s
max time network: 33s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted: 14-04-2023 10:02
Static task
static1
Behavioral task
behavioral1
Sample
8d319c1ee8788c0612182007cbaeff1b7e7cdca7d4529b037f4851a4c8656ad5.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
8d319c1ee8788c0612182007cbaeff1b7e7cdca7d4529b037f4851a4c8656ad5.exe
Resource
win10v2004-20230220-en
General
Target
8d319c1ee8788c0612182007cbaeff1b7e7cdca7d4529b037f4851a4c8656ad5.exe
Size
1.5MB
MD5
912fa18c345b3cea3314d443b1ab1fb2
SHA1
b7470dad432cc8b7b9072d7b09e7d2bdff53ef1c
SHA256
8d319c1ee8788c0612182007cbaeff1b7e7cdca7d4529b037f4851a4c8656ad5
SHA512
a375e0ed5e1358278c9d0bbebaf9c8b8f56ad35b173c93b3b9cf34f9f4371da8f291150be837e5cbdd1556fe23961a0d5d616f496d2b4bcedc85d19ecfeb9732
SSDEEP
49152:xtzF0r+aaH7KUBKz2RxemTC1T6GLU39vzbxtMFC1VXI1+:bF0rgH7KsKGxPTC1T6GLUtvnmkVXI1
Malware Config
Signatures
Program crash 1 IoCs
pid | pid_target | Process | procid_target
896 | 1704 | WerFault.exe | 26
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 1704 wrote to memory of 896 | 1704 | 8d319c1ee8788c0612182007cbaeff1b7e7cdca7d4529b037f4851a4c8656ad5.exe | 27
PID 1704 wrote to memory of 896 | 1704 | 8d319c1ee8788c0612182007cbaeff1b7e7cdca7d4529b037f4851a4c8656ad5.exe | 27
PID 1704 wrote to memory of 896 | 1704 | 8d319c1ee8788c0612182007cbaeff1b7e7cdca7d4529b037f4851a4c8656ad5.exe | 27
PID 1704 wrote to memory of 896 | 1704 | 8d319c1ee8788c0612182007cbaeff1b7e7cdca7d4529b037f4851a4c8656ad5.exe | 27
Processes
C:\Users\Admin\AppData\Local\Temp\8d319c1ee8788c0612182007cbaeff1b7e7cdca7d4529b037f4851a4c8656ad5.exe
"C:\Users\Admin\AppData\Local\Temp\8d319c1ee8788c0612182007cbaeff1b7e7cdca7d4529b037f4851a4c8656ad5.exe" 1⤵
- Suspicious use of WriteProcessMemory
PID:1704
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 2242⤵
- Program crash
PID:896