Analysis
max time kernel
24s
max time network
33s
platform
windows7_x64
resource
win7-20230703-en
resource tags
arch:x64, arch:x86, image:win7-20230703-en, locale:en-us, os:windows7-x64, system
submitted
08/07/2023, 16:37
Behavioral task
behavioral1
Sample
665d42a12d2a16exeexeexeex.exe
Resource
win7-20230703-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
665d42a12d2a16exeexeexeex.exe
Resource
win10v2004-20230703-en
1 signatures
150 seconds
General
Target
665d42a12d2a16exeexeexeex.exe
Size
155KB
MD5
665d42a12d2a1683f2aa3fc0c491e2ff
SHA1
f600ff53b0fb347d5311c2941aaf21012b406bca
SHA256
ee3c36872402ecbd8a076e973091a1cc54daaf29ab1c1cedf55287455261722b
SHA512
677942250a2a19e0faa65dc3acf22af83d9a0ae31f9c704b8ccc3b9f7513829e5cf8acd031301be4679cab32cef18e335116ba4bb393b7551f7b7a2ec4a9c1d6
SSDEEP
3072:S5K/B0toLIpSNJLlxwsx89TSdBgjMqqDL2/TOKBDG:ScytwIEyTTSdBgQqqDL6SKU
Score
3/10
Malware Config
Signatures
Program crash (1 IoCs)
pid | pid_target | Process | procid_target
2372 | 1616 | WerFault.exe | 25
Suspicious use of WriteProcessMemory (4 IoCs)
description | pid | Process | procid_target
PID 1616 wrote to memory of 2372 | 1616 | 665d42a12d2a16exeexeexeex.exe | 28
PID 1616 wrote to memory of 2372 | 1616 | 665d42a12d2a16exeexeexeex.exe | 28
PID 1616 wrote to memory of 2372 | 1616 | 665d42a12d2a16exeexeexeex.exe | 28
PID 1616 wrote to memory of 2372 | 1616 | 665d42a12d2a16exeexeexeex.exe | 28
Processes
1. C:\Users\Admin\AppData\Local\Temp\665d42a12d2a16exeexeexeex.exe
   "C:\Users\Admin\AppData\Local\Temp\665d42a12d2a16exeexeexeex.exe"
   - Suspicious use of WriteProcessMemory
   PID: 1616
   2. C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 88
      - Program crash
      PID: 2372