Analysis
-
max time kernel
119s -
max time network
133s -
platform
windows7_x64 -
resource
win7-en-20211208 -
submitted
12-02-2022 06:25
Static task
static1
Behavioral task
behavioral1
Sample
100f12ddd5d0c791f0113c7eb95dae01760b6095d323ceffc2041082657db55a.exe
Resource
win7-en-20211208
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
100f12ddd5d0c791f0113c7eb95dae01760b6095d323ceffc2041082657db55a.exe
Resource
win10v2004-en-20220112
windows10-2004_x64
0 signatures
0 seconds
General
-
Target
100f12ddd5d0c791f0113c7eb95dae01760b6095d323ceffc2041082657db55a.exe
-
Size
100KB
-
MD5
84727567570b152ed8715ebec503c40f
-
SHA1
3b49ada75b343beb2a252efdac01d6c5a6f64a11
-
SHA256
100f12ddd5d0c791f0113c7eb95dae01760b6095d323ceffc2041082657db55a
-
SHA512
adb1a8ece00fcc867a3483d21535432b8dd69f580125590baec33180bf69f0c2e17c173816f708c5902a1a1432381a6850fb7dfdca573741b6ded9121eedac60
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 1032 1592 WerFault.exe 100f12ddd5d0c791f0113c7eb95dae01760b6095d323ceffc2041082657db55a.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
Processes:
WerFault.exepid process 1032 WerFault.exe 1032 WerFault.exe 1032 WerFault.exe 1032 WerFault.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
WerFault.exepid process 1032 WerFault.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
WerFault.exedescription pid process Token: SeDebugPrivilege 1032 WerFault.exe -
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
100f12ddd5d0c791f0113c7eb95dae01760b6095d323ceffc2041082657db55a.exedescription pid process target process PID 1592 wrote to memory of 1032 1592 100f12ddd5d0c791f0113c7eb95dae01760b6095d323ceffc2041082657db55a.exe WerFault.exe PID 1592 wrote to memory of 1032 1592 100f12ddd5d0c791f0113c7eb95dae01760b6095d323ceffc2041082657db55a.exe WerFault.exe PID 1592 wrote to memory of 1032 1592 100f12ddd5d0c791f0113c7eb95dae01760b6095d323ceffc2041082657db55a.exe WerFault.exe PID 1592 wrote to memory of 1032 1592 100f12ddd5d0c791f0113c7eb95dae01760b6095d323ceffc2041082657db55a.exe WerFault.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\100f12ddd5d0c791f0113c7eb95dae01760b6095d323ceffc2041082657db55a.exe"C:\Users\Admin\AppData\Local\Temp\100f12ddd5d0c791f0113c7eb95dae01760b6095d323ceffc2041082657db55a.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1592 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 1202⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:1032