Analysis
max time kernel: 30s
max time network: 34s
platform: windows7_x64
resource: win7-20230703-en
resource tags: arch:x64, arch:x86, image:win7-20230703-en, locale:en-us, os:windows7-x64, system
submitted: 10-07-2023 14:49
Behavioral task: behavioral1
Sample: c9d6467f62613cexeexeexeex.exe
Resource: win7-20230703-en, windows7-x64
2 signatures
150 seconds
Behavioral task: behavioral2
Sample: c9d6467f62613cexeexeexeex.exe
Resource: win10v2004-20230703-en, windows10-2004-x64
1 signatures
150 seconds
General
Target: c9d6467f62613cexeexeexeex.exe
Size: 335KB
MD5: c9d6467f62613c75e7ac5f1544547578
SHA1: 410d1497246333a95cd2625f4611ec150e5a84e6
SHA256: 0fef280911f0d98a5e3f03bd59501dd7ca468361eccbedf86dfa9b3a44a1e5f2
SHA512: 7f3c0a8a913417b47d4ed2abe7d75cb1baf82f2b4bd06e3781018aa66fbf98f85e62832f8d1a8afa68f20014be482ba6a80370edf395c98d1fe3fd020beb54cd
SSDEEP: 6144:qtUGfUWOeEBUEhLkXj3zRG6yLQ/UNP4H2CiTTH10qhh4UAjrt:qtUGfVwUFzRG6EQ0POfiTTV0qRAjrt
Score: 3/10
Malware Config
Signatures
Program crash (1 IoCs)
Processes: WerFault.exe
pid   pid_target  process       target process
2408  2380        WerFault.exe  c9d6467f62613cexeexeexeex.exe
Suspicious use of WriteProcessMemory (4 IoCs)
Processes: c9d6467f62613cexeexeexeex.exe
description                       pid   process                        target process
PID 2380 wrote to memory of 2408  2380  c9d6467f62613cexeexeexeex.exe  WerFault.exe
PID 2380 wrote to memory of 2408  2380  c9d6467f62613cexeexeexeex.exe  WerFault.exe
PID 2380 wrote to memory of 2408  2380  c9d6467f62613cexeexeexeex.exe  WerFault.exe
PID 2380 wrote to memory of 2408  2380  c9d6467f62613cexeexeexeex.exe  WerFault.exe
Processes
C:\Users\Admin\AppData\Local\Temp\c9d6467f62613cexeexeexeex.exe
  "C:\Users\Admin\AppData\Local\Temp\c9d6467f62613cexeexeexeex.exe"
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 120
    - Program crash