Analysis
-
max time kernel
117s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20231023-en -
resource tags
arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system -
submitted
23-10-2023 19:29
Static task
static1
Behavioral task
behavioral1
Sample
c7bbafde9492c8d0197c140807272b9f5a75f9cf87d0077587bcdbefca4a5b37.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
c7bbafde9492c8d0197c140807272b9f5a75f9cf87d0077587bcdbefca4a5b37.exe
Resource
win10v2004-20231020-en
General
-
Target
c7bbafde9492c8d0197c140807272b9f5a75f9cf87d0077587bcdbefca4a5b37.exe
-
Size
1.2MB
-
MD5
f87feea23572e6954c82a39f42db7c49
-
SHA1
a4969650e3576bdf4e4509d7bbf99ceab33c1cac
-
SHA256
c7bbafde9492c8d0197c140807272b9f5a75f9cf87d0077587bcdbefca4a5b37
-
SHA512
d405ac41857a95d5bf3900a12e459f1b38b7ac7423fcf727a83b1e3ef8f866dddf0b85fe30ed2ab32633f31cd9dd7e24884f3714cd5d9cc81452132a6b0f6620
-
SSDEEP
24576:vA/389X9zMxnH4WVB5s4KQN2LTt8Y0edswcaWeoAuWU0sgGce7o9Pj3/t:vloMocT9
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
c7bbafde9492c8d0197c140807272b9f5a75f9cf87d0077587bcdbefca4a5b37.exedescription pid process target process PID 2820 wrote to memory of 2624 2820 c7bbafde9492c8d0197c140807272b9f5a75f9cf87d0077587bcdbefca4a5b37.exe WerFault.exe PID 2820 wrote to memory of 2624 2820 c7bbafde9492c8d0197c140807272b9f5a75f9cf87d0077587bcdbefca4a5b37.exe WerFault.exe PID 2820 wrote to memory of 2624 2820 c7bbafde9492c8d0197c140807272b9f5a75f9cf87d0077587bcdbefca4a5b37.exe WerFault.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\c7bbafde9492c8d0197c140807272b9f5a75f9cf87d0077587bcdbefca4a5b37.exe"C:\Users\Admin\AppData\Local\Temp\c7bbafde9492c8d0197c140807272b9f5a75f9cf87d0077587bcdbefca4a5b37.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2820 -
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 2820 -s 7282⤵PID:2624