Analysis
max time kernel: 32s
max time network: 50s
platform: windows7_x64
resource: win7-20220414-en
submitted: 08-05-2022 10:57
Static task: static1
Behavioral task: behavioral1
Sample: tmp.exe
Resource: win7-20220414-en, windows7_x64
0 signatures
0 seconds
General
Target: tmp.exe
Size: 925KB
MD5: 4470f83cba058890c43ded4a3940c3dc
SHA1: f9c2953280646715ec9ad0d034a6eae43d1fc8c4
SHA256: 0a779376d06a79b1b6c3ab2e2b241adf8b39db02e8180829a8f7071847f42b56
SHA512: 8e3804af84b5f8d04630283dbc8764ea8d7395af635615013bf9bc25d3290c248a24e1b6f8486960aba5569c4cce105fb9f0ff82661d5f587ae56cab18b88981
Score: 3/10
Malware Config
Signatures
Program crash 1 IoCs
Processes: WerFault.exe
pid | pid_target | process | target process
928 | 968 | WerFault.exe | tmp.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes: tmp.exe
description | pid | process
Token: SeDebugPrivilege | 968 | tmp.exe
Suspicious use of WriteProcessMemory 4 IoCs
Processes: tmp.exe
description | pid | process | target process
PID 968 wrote to memory of 928 | 968 | tmp.exe | WerFault.exe
PID 968 wrote to memory of 928 | 968 | tmp.exe | WerFault.exe
PID 968 wrote to memory of 928 | 968 | tmp.exe | WerFault.exe
PID 968 wrote to memory of 928 | 968 | tmp.exe | WerFault.exe