Analysis
max time kernel
27s
max time network
31s
platform
windows7_x64
resource
win7-20230703-en
resource tags
arch:x64 arch:x86 image:win7-20230703-en locale:en-us os:windows7-x64 system
submitted
10-07-2023 18:26
Behavioral task
behavioral1
Sample
dad6f36ec6129dexeexeexeex.exe
Resource
win7-20230703-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
dad6f36ec6129dexeexeexeex.exe
Resource
win10v2004-20230703-en
windows10-2004-x64
1 signatures
150 seconds
General
Target
dad6f36ec6129dexeexeexeex.exe
Size
335KB
MD5
dad6f36ec6129dbaca93d7f3c2f4ae86
SHA1
bd2b4faaf239c68c99d4b2c707a673920b03e890
SHA256
2705a76df230ab1bd6ccfbc976eb2a1d462bb4e036369d716b78d68dbc1fa905
SHA512
3532420b8b8de86847658b93ee270a4c8cda9d15238fd6018660031f28315ca4539abff099becc531a48e9a28e19c8843464f87a944f161e275ef1e0312d8bf5
SSDEEP
6144:qtUGfUWOeEBUEhLkXj3zRG6yLQ/UNP4H2CiTTc10qhh48Ajrt:qtUGfVwUFzRG6EQ0POfiTTs0qdAjrt
Score
3/10
Malware Config
Signatures
Program crash 1 IoCs
Processes:
WerFault.exe
  pid   pid_target  process       target process
  1804  1744        WerFault.exe  dad6f36ec6129dexeexeexeex.exe
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
dad6f36ec6129dexeexeexeex.exe
  description                       pid   process                        target process
  PID 1744 wrote to memory of 1804  1744  dad6f36ec6129dexeexeexeex.exe  WerFault.exe
  PID 1744 wrote to memory of 1804  1744  dad6f36ec6129dexeexeexeex.exe  WerFault.exe
  PID 1744 wrote to memory of 1804  1744  dad6f36ec6129dexeexeexeex.exe  WerFault.exe
  PID 1744 wrote to memory of 1804  1744  dad6f36ec6129dexeexeexeex.exe  WerFault.exe
Processes
C:\Users\Admin\AppData\Local\Temp\dad6f36ec6129dexeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\dad6f36ec6129dexeexeexeex.exe"
- Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 120
  - Program crash