Analysis
max time kernel: 119s
max time network: 123s
platform: windows7_x64
resource: win7-20230831-en
resource tags: arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
submitted: 29-09-2023 08:48
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
a838d82a97f958416bc08c5985fea8ca.exe
Resource
win7-20230831-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
a838d82a97f958416bc08c5985fea8ca.exe
Resource
win10v2004-20230915-en
windows10-2004-x64
12 signatures
150 seconds
General
Target: a838d82a97f958416bc08c5985fea8ca.exe
Size: 325KB
MD5: a838d82a97f958416bc08c5985fea8ca
SHA1: b767c972b9d0f7779dc33af62ecdf0abe593c51b
SHA256: dab25832e2aa9b1844f34e23b9f7bac27dfe2af2ee2c9a5bbec45638caf87b05
SHA512: 0fd873bbc3231815180b74b6181fa138ac9d2623b93d5d64cfa89c14b7e2f71104cba3c432e035dbedd45d383233adf7b3cb35a5a5e4d7db5d8ad9c3f23142a8
SSDEEP: 6144:6rguHQQbURQH4SAisJeiF91l5xx8pSIHZKO7c:6rguH/URQYSAisJ9jx8pSaKC
Score: 3/10
Malware Config
Signatures
Program crash (1 IoCs)
Processes: WerFault.exe
pid | pid_target | process | target process
1168 | 1488 | WerFault.exe | a838d82a97f958416bc08c5985fea8ca.exe

Suspicious use of WriteProcessMemory (8 IoCs)
Processes: a838d82a97f958416bc08c5985fea8ca.exe
description | pid | process | target process
PID 1488 wrote to memory of 848 | 1488 | a838d82a97f958416bc08c5985fea8ca.exe | a838d82a97f958416bc08c5985fea8ca.exe
PID 1488 wrote to memory of 848 | 1488 | a838d82a97f958416bc08c5985fea8ca.exe | a838d82a97f958416bc08c5985fea8ca.exe
PID 1488 wrote to memory of 848 | 1488 | a838d82a97f958416bc08c5985fea8ca.exe | a838d82a97f958416bc08c5985fea8ca.exe
PID 1488 wrote to memory of 848 | 1488 | a838d82a97f958416bc08c5985fea8ca.exe | a838d82a97f958416bc08c5985fea8ca.exe
PID 1488 wrote to memory of 1168 | 1488 | a838d82a97f958416bc08c5985fea8ca.exe | WerFault.exe
PID 1488 wrote to memory of 1168 | 1488 | a838d82a97f958416bc08c5985fea8ca.exe | WerFault.exe
PID 1488 wrote to memory of 1168 | 1488 | a838d82a97f958416bc08c5985fea8ca.exe | WerFault.exe
PID 1488 wrote to memory of 1168 | 1488 | a838d82a97f958416bc08c5985fea8ca.exe | WerFault.exe
Processes
C:\Users\Admin\AppData\Local\Temp\a838d82a97f958416bc08c5985fea8ca.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\a838d82a97f958416bc08c5985fea8ca.exe"
  Depth: 1
  PID: 1488
  - Suspicious use of WriteProcessMemory

  C:\Users\Admin\AppData\Local\Temp\a838d82a97f958416bc08c5985fea8ca.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\a838d82a97f958416bc08c5985fea8ca.exe"
    Depth: 2
    PID: 848

  C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 620
    Depth: 2
    PID: 1168
    - Program crash