Analysis
-
max time kernel
47s -
max time network
44s -
platform
windows7_x64 -
resource
win7-20220718-en -
resource tags
arch:x64arch:x86image:win7-20220718-enlocale:en-usos:windows7-x64system -
submitted
10-08-2022 11:16
Static task
static1
Behavioral task
behavioral1
Sample
invoice.exe
Resource
win7-20220718-en
3 signatures
150 seconds
General
-
Target
invoice.exe
-
Size
16KB
-
MD5
aa1d9a07e0bd53a161cb35168bb1bb31
-
SHA1
f4503fd5b9d8b23c02bff1abd23fb17ce341f907
-
SHA256
08ad11bae99deab8e128dfea4c85f8bb46124f32a7cfae956c1b650e94f005fa
-
SHA512
1185abec300c865b7f167f583b5b2ea62b7860ad9da58d0b0779a754ea9fc783a8c49d6592e345c7840ad773936a14d9ced6e39651eeaecf3271d5acd9b36049
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 1504 1892 WerFault.exe invoice.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
invoice.exedescription pid process Token: SeDebugPrivilege 1892 invoice.exe -
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
invoice.exedescription pid process target process PID 1892 wrote to memory of 1504 1892 invoice.exe WerFault.exe PID 1892 wrote to memory of 1504 1892 invoice.exe WerFault.exe PID 1892 wrote to memory of 1504 1892 invoice.exe WerFault.exe PID 1892 wrote to memory of 1504 1892 invoice.exe WerFault.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\invoice.exe"C:\Users\Admin\AppData\Local\Temp\invoice.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 10522⤵
- Program crash