Analysis
max time kernel: 121s
max time network: 121s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 22-05-2024 02:02
Static task: static1
Behavioral task: behavioral1
Sample: 9d5c20e8ba2953e6d70e694d537d5f1ff5a0b6fd0adc88f48a087eccc8f91a51.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 9d5c20e8ba2953e6d70e694d537d5f1ff5a0b6fd0adc88f48a087eccc8f91a51.exe
Resource: win10v2004-20240426-en
General
Target: 9d5c20e8ba2953e6d70e694d537d5f1ff5a0b6fd0adc88f48a087eccc8f91a51.exe
Size: 472KB
MD5: 5e0db960120e6c67ccbc0b8a2cdaf6a7
SHA1: 3b74573b5304f7c537f41e8827256bcf06d57953
SHA256: 9d5c20e8ba2953e6d70e694d537d5f1ff5a0b6fd0adc88f48a087eccc8f91a51
SHA512: 96049128d06b3307a08f6b6b3afa664ab8b7850975e458c606e1d901ef79fe4fcdd566c68dbbdc58c4009b76959297345f66c6db6f913dfe88adfc44b5316264
SSDEEP: 12288:CxpIXPTj/kUR24H+GlAGEyQWzt6ABi/LzK:aCrjz24hu/yt64+
Malware Config
Signatures
- Program crash (1 IoCs)
Processes:
WerFault.exe
pid | pid_target | process | target process
2372 | 2928 | WerFault.exe | 9d5c20e8ba2953e6d70e694d537d5f1ff5a0b6fd0adc88f48a087eccc8f91a51.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
Processes:
9d5c20e8ba2953e6d70e694d537d5f1ff5a0b6fd0adc88f48a087eccc8f91a51.exe
description | pid | process | target process
PID 2928 wrote to memory of 2372 | 2928 | 9d5c20e8ba2953e6d70e694d537d5f1ff5a0b6fd0adc88f48a087eccc8f91a51.exe | WerFault.exe
PID 2928 wrote to memory of 2372 | 2928 | 9d5c20e8ba2953e6d70e694d537d5f1ff5a0b6fd0adc88f48a087eccc8f91a51.exe | WerFault.exe
PID 2928 wrote to memory of 2372 | 2928 | 9d5c20e8ba2953e6d70e694d537d5f1ff5a0b6fd0adc88f48a087eccc8f91a51.exe | WerFault.exe
PID 2928 wrote to memory of 2372 | 2928 | 9d5c20e8ba2953e6d70e694d537d5f1ff5a0b6fd0adc88f48a087eccc8f91a51.exe | WerFault.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\9d5c20e8ba2953e6d70e694d537d5f1ff5a0b6fd0adc88f48a087eccc8f91a51.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\9d5c20e8ba2953e6d70e694d537d5f1ff5a0b6fd0adc88f48a087eccc8f91a51.exe"
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 48
    - Program crash