Analysis
max time kernel: 26s
max time network: 32s
platform: windows7_x64
resource: win7-20230703-en
resource tags: arch:x64, arch:x86, image:win7-20230703-en, locale:en-us, os:windows7-x64, system
submitted: 09-07-2023 19:12
Behavioral task
behavioral1
Sample
8b7caa23b1aeeaexeexeexeex.exe
Resource
win7-20230703-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
8b7caa23b1aeeaexeexeexeex.exe
Resource
win10v2004-20230703-en
windows10-2004-x64
1 signatures
150 seconds
General
Target: 8b7caa23b1aeeaexeexeexeex.exe
Size: 335KB
MD5: 8b7caa23b1aeea7c37219dce13f9a1a7
SHA1: f1af051fa9cceb918661e059c3494aa1b4e48333
SHA256: 436b663b26617b3c104bebabfad58f40e5089fb9be144b9d5532b0ec6867dd4c
SHA512: 5eafdefecd6d34e4e4ab51c506aa47a49e19ab4c33c17befa1894bff3ed734259249ade093daa5e2f7f7b8aa7427f609fcd411188787e038f02ee20f0911900f
SSDEEP: 6144:qtUGfUWOeEBUEhLkXj3zRG6yLQ/UNP4H2CiTTf10qhh4+Ajrt:qtUGfVwUFzRG6EQ0POfiTT90qjAjrt
Score: 3/10
Malware Config
Signatures
Program crash (1 IoCs)
Processes: WerFault.exe
pid: 3064, pid_target: 2340, process: WerFault.exe, target process: 8b7caa23b1aeeaexeexeexeex.exe
Suspicious use of WriteProcessMemory (4 IoCs)
Processes: 8b7caa23b1aeeaexeexeexeex.exe
description: PID 2340 wrote to memory of 3064, pid: 2340, process: 8b7caa23b1aeeaexeexeexeex.exe, target process: WerFault.exe
description: PID 2340 wrote to memory of 3064, pid: 2340, process: 8b7caa23b1aeeaexeexeexeex.exe, target process: WerFault.exe
description: PID 2340 wrote to memory of 3064, pid: 2340, process: 8b7caa23b1aeeaexeexeexeex.exe, target process: WerFault.exe
description: PID 2340 wrote to memory of 3064, pid: 2340, process: 8b7caa23b1aeeaexeexeexeex.exe, target process: WerFault.exe
Processes
C:\Users\Admin\AppData\Local\Temp\8b7caa23b1aeeaexeexeexeex.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\8b7caa23b1aeeaexeexeexeex.exe"
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 120
    - Program crash