Analysis
-
max time kernel
26s -
max time network
30s -
platform
windows7_x64 -
resource
win7-20230705-en -
resource tags
arch:x64, arch:x86, image:win7-20230705-en, locale:en-us, os:windows7-x64, system -
submitted
06-07-2023 12:48
Behavioral task
behavioral1
Sample
2a29d60c3fc57aexeexeexeex.exe
Resource
win7-20230705-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
2a29d60c3fc57aexeexeexeex.exe
Resource
win10v2004-20230703-en
1 signatures
150 seconds
General
-
Target
2a29d60c3fc57aexeexeexeex.exe
-
Size
335KB
-
MD5
2a29d60c3fc57ae863bfe725f6be64eb
-
SHA1
bcf1f470ad6d2998bcd3e5516ab42064985a6bd5
-
SHA256
565c089002892cf59e15ca6b9b4bad635a0f72ba8e2e277f41521bd80e6cd9bd
-
SHA512
b422f14fdc2c0559d04ce76f77f884d77a069c85a2b913dc068b0195a07832fa081134187c4b743702e662f636744547be811f1047bc96ad69132377aaa20866
-
SSDEEP
6144:qtUGfUWOeEBUEhLkXj3zRG6yLQ/UNP4H2CiTTA10qhh4TAjrt:qtUGfVwUFzRG6EQ0POfiTTA0qeAjrt
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exe
pid | pid_target | process | target process
2112 | 3044 | WerFault.exe | 2a29d60c3fc57aexeexeexeex.exe
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
2a29d60c3fc57aexeexeexeex.exe
description | pid | process | target process
PID 3044 wrote to memory of 2112 | 3044 | 2a29d60c3fc57aexeexeexeex.exe | WerFault.exe
PID 3044 wrote to memory of 2112 | 3044 | 2a29d60c3fc57aexeexeexeex.exe | WerFault.exe
PID 3044 wrote to memory of 2112 | 3044 | 2a29d60c3fc57aexeexeexeex.exe | WerFault.exe
PID 3044 wrote to memory of 2112 | 3044 | 2a29d60c3fc57aexeexeexeex.exe | WerFault.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\2a29d60c3fc57aexeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\2a29d60c3fc57aexeexeexeex.exe"
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 120
- Program crash