Analysis
max time kernel: 39s
max time network: 43s
platform: windows7_x64
resource: win7-20220414-en
submitted: 21-05-2022 12:23
Static task
static1
Behavioral task
behavioral1
Sample
BOOKING.exe
Resource
win7-20220414-en
windows7_x64
0 signatures
0 seconds
General
Target
BOOKING.exe
Size
291KB
MD5
c97d31e6c4311d688c7de8a19ba9f488
SHA1
2c0aa234321581f6414535e165a832b8cd4a4704
SHA256
1fbae4f859c40f9446d06e76a4acf496fe0a43fb93b87f87d1077ab8a4490480
SHA512
62ffa02b28fa3105aa8da596d3f1fa3d26e820909de85e63dc1b539ac02305e08d5e77ec06a462f9864c281d3ff5db71fb8c9f624ea973c99981da080fa8b0ee
Score
3/10
Malware Config
Signatures
Program crash 1 IoCs
Processes: WerFault.exe
pid | pid_target | process | target process
1164 | 964 | WerFault.exe | BOOKING.exe
Suspicious use of WriteProcessMemory 4 IoCs
Processes: BOOKING.exe
description | pid | process | target process
PID 964 wrote to memory of 1164 | 964 | BOOKING.exe | WerFault.exe
PID 964 wrote to memory of 1164 | 964 | BOOKING.exe | WerFault.exe
PID 964 wrote to memory of 1164 | 964 | BOOKING.exe | WerFault.exe
PID 964 wrote to memory of 1164 | 964 | BOOKING.exe | WerFault.exe