Analysis
-
max time kernel
126s -
max time network
135s -
platform
windows7_x64 -
resource
win7-en-20211208 -
submitted
24-01-2022 00:46
Static task
static1
Behavioral task
behavioral1
Sample
eb9e29ae325b90b1b28d7ff500c53762ac0933c4e977ea8e876e6c0a8495471b.exe
Resource
win7-en-20211208
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
eb9e29ae325b90b1b28d7ff500c53762ac0933c4e977ea8e876e6c0a8495471b.exe
Resource
win10-en-20211208
windows10_x64
0 signatures
0 seconds
General
-
Target
eb9e29ae325b90b1b28d7ff500c53762ac0933c4e977ea8e876e6c0a8495471b.exe
-
Size
164KB
-
MD5
47a1e9b344b5844ca6ed47cfca2d1add
-
SHA1
faa8ce757251a9dfbd2d210f348e50713c0dacee
-
SHA256
eb9e29ae325b90b1b28d7ff500c53762ac0933c4e977ea8e876e6c0a8495471b
-
SHA512
70f4bdf37ddc8081bd75503618917e82824ffb39743a3ec1e2bd95b0c3231a408f639bb3f60711ee784044b8a24e912022894d717843f3c30c87c121c1ed8d27
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 804 792 WerFault.exe eb9e29ae325b90b1b28d7ff500c53762ac0933c4e977ea8e876e6c0a8495471b.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
Processes:
WerFault.exepid process 804 WerFault.exe 804 WerFault.exe 804 WerFault.exe 804 WerFault.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
WerFault.exepid process 804 WerFault.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
WerFault.exedescription pid process Token: SeDebugPrivilege 804 WerFault.exe -
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
eb9e29ae325b90b1b28d7ff500c53762ac0933c4e977ea8e876e6c0a8495471b.exedescription pid process target process PID 792 wrote to memory of 804 792 eb9e29ae325b90b1b28d7ff500c53762ac0933c4e977ea8e876e6c0a8495471b.exe WerFault.exe PID 792 wrote to memory of 804 792 eb9e29ae325b90b1b28d7ff500c53762ac0933c4e977ea8e876e6c0a8495471b.exe WerFault.exe PID 792 wrote to memory of 804 792 eb9e29ae325b90b1b28d7ff500c53762ac0933c4e977ea8e876e6c0a8495471b.exe WerFault.exe PID 792 wrote to memory of 804 792 eb9e29ae325b90b1b28d7ff500c53762ac0933c4e977ea8e876e6c0a8495471b.exe WerFault.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\eb9e29ae325b90b1b28d7ff500c53762ac0933c4e977ea8e876e6c0a8495471b.exe"C:\Users\Admin\AppData\Local\Temp\eb9e29ae325b90b1b28d7ff500c53762ac0933c4e977ea8e876e6c0a8495471b.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:792 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 792 -s 522⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:804