Analysis
max time kernel: 140s
max time network: 122s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 23-05-2024 18:22
Static task
static1
1 signatures

Behavioral task
behavioral1
Sample: Wgdebahewafthr.exe
Resource: win7-20240221-en (windows7-x64)
2 signatures
150 seconds

Behavioral task
behavioral2
Sample: Wgdebahewafthr.exe
Resource: win10v2004-20240508-en (windows10-2004-x64)
1 signatures
150 seconds
General
Target: Wgdebahewafthr.exe
Size: 1.3MB
MD5: ac3cc1d716ec424586c4d87f5ae6f22a
SHA1: 7f1bf229e51a5b0acd84ef0707c2efbb76af8aa3
SHA256: 3e17df6d4f4f9f321f783a50e1f8b364203f181274ff217b0c2a216dff63d41f
SHA512: a2e4d04a7b6484e6965af2673a52fd7ffa4ce48324e54eb7c52bdc0c8fbc8c1a6eca7dc8e90f81abb8befa11c43182e2916ea9e34f3364937cfaf489a1934684
SSDEEP: 24576:AP+g7Wy3xfMZKdcKtTjbJ4/EEEEEEEEEEEEEEEEEEEETKKKKKKKKKKKKKKKKKKK7:A/iy3g6Tjb4EEEEEEEEEEEEEEEEEEEE+
Score: 3/10
Malware Config
Signatures
Program crash (1 IoCs)
Processes: WerFault.exe
pid    pid_target    process         target process
2564   2876          WerFault.exe    Wgdebahewafthr.exe

Suspicious use of WriteProcessMemory (4 IoCs)
Processes: Wgdebahewafthr.exe
description                         pid    process               target process
PID 2876 wrote to memory of 2564    2876   Wgdebahewafthr.exe    WerFault.exe
PID 2876 wrote to memory of 2564    2876   Wgdebahewafthr.exe    WerFault.exe
PID 2876 wrote to memory of 2564    2876   Wgdebahewafthr.exe    WerFault.exe
PID 2876 wrote to memory of 2564    2876   Wgdebahewafthr.exe    WerFault.exe