Analysis
max time kernel
28s
max time network
32s
platform
windows7_x64
resource
win7-20230703-en
resource tags
arch:x64, arch:x86, image:win7-20230703-en, locale:en-us, os:windows7-x64, system
submitted
08-07-2023 11:33
Behavioral task
behavioral1
Sample
78b309bb8f8aa1exeexeexeex.exe
Resource
win7-20230703-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
78b309bb8f8aa1exeexeexeex.exe
Resource
win10v2004-20230703-en
windows10-2004-x64
1 signatures
150 seconds
General
Target
78b309bb8f8aa1exeexeexeex.exe
Size
335KB
MD5
78b309bb8f8aa16ad5c1870075253cbd
SHA1
f734a99799b37c33946b50e866f33673dbd3fb00
SHA256
5e21391ba216a5d46e11789e4618fadfc37d54b2b32a12c6eb758da147a3b421
SHA512
e7914756e675e1599672a832980c4322b60127ec84e59b33dd62e6c3a81599f03747f247294ab941f9ba7d8375aad8ae3ba224de5f887ec4bb2ecca77afb2d63
SSDEEP
6144:qtUGfUWOeEBUEhLkXj3zRG6yLQ/UNP4H2CiTTK10qhh49Ajrt:qtUGfVwUFzRG6EQ0POfiTTC0qUAjrt
Score
3/10
Malware Config
Signatures
Program crash (1 IoCs)
Processes:
WerFault.exe
pid | pid_target | process | target process
2352 | 2188 | WerFault.exe | 78b309bb8f8aa1exeexeexeex.exe
Suspicious use of WriteProcessMemory (4 IoCs)
Processes:
78b309bb8f8aa1exeexeexeex.exe
description | pid | process | target process
PID 2188 wrote to memory of 2352 | 2188 | 78b309bb8f8aa1exeexeexeex.exe | WerFault.exe
PID 2188 wrote to memory of 2352 | 2188 | 78b309bb8f8aa1exeexeexeex.exe | WerFault.exe
PID 2188 wrote to memory of 2352 | 2188 | 78b309bb8f8aa1exeexeexeex.exe | WerFault.exe
PID 2188 wrote to memory of 2352 | 2188 | 78b309bb8f8aa1exeexeexeex.exe | WerFault.exe
Processes
C:\Users\Admin\AppData\Local\Temp\78b309bb8f8aa1exeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\78b309bb8f8aa1exeexeexeex.exe"
- Suspicious use of WriteProcessMemory
PID:2188
    C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 120
    - Program crash
    PID:2352