Analysis
max time kernel
31s
max time network
35s
platform
windows7_x64
resource
win7-20230703-en
resource tags
arch:x64 arch:x86 image:win7-20230703-en locale:en-us os:windows7-x64 system
submitted
07-07-2023 20:11
Behavioral task
behavioral1
Sample
55aec8e34e6e0aexeexeexeex.exe
Resource
win7-20230703-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
55aec8e34e6e0aexeexeexeex.exe
Resource
win10v2004-20230703-en
windows10-2004-x64
1 signatures
150 seconds
General
Target
55aec8e34e6e0aexeexeexeex.exe
Size
335KB
MD5
55aec8e34e6e0afa7ede1f80dd754419
SHA1
1dfea4c1b3c5271c2b59e9e4413bd725f3e3b5d4
SHA256
315718c73e874ff693a49c68fbf283bfedd609af4a077a6f22877233ba3e84e1
SHA512
45e2f6d51e834a5452a176fbb3713576da230ca2682fa52ab790b58054dfd7475e86a6fd55ecf73cdc593486e1cb695dd6f6e7b8d609f984b3c5e72693c542c3
SSDEEP
6144:qtUGfUWOeEBUEhLkXj3zRG6yLQ/UNP4H2CiTTC10qhh4nAjrt:qtUGfVwUFzRG6EQ0POfiTTK0qOAjrt
Score
3/10
Malware Config
Signatures
Program crash 1 IoCs
Processes:
WerFault.exe
pid     pid_target   process        target process
3068    3048         WerFault.exe   55aec8e34e6e0aexeexeexeex.exe
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
55aec8e34e6e0aexeexeexeex.exe
description                        pid    process                         target process
PID 3048 wrote to memory of 3068   3048   55aec8e34e6e0aexeexeexeex.exe   WerFault.exe
PID 3048 wrote to memory of 3068   3048   55aec8e34e6e0aexeexeexeex.exe   WerFault.exe
PID 3048 wrote to memory of 3068   3048   55aec8e34e6e0aexeexeexeex.exe   WerFault.exe
PID 3048 wrote to memory of 3068   3048   55aec8e34e6e0aexeexeexeex.exe   WerFault.exe
Processes
C:\Users\Admin\AppData\Local\Temp\55aec8e34e6e0aexeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\55aec8e34e6e0aexeexeexeex.exe"
- Suspicious use of WriteProcessMemory
PID:3048
  C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 120
  - Program crash
  PID:3068