Analysis
-
max time kernel
47s -
max time network
51s -
platform
windows7_x64 -
resource
win7-20220901-en -
resource tags
arch:x64 arch:x86 image:win7-20220901-en locale:en-us os:windows7-x64 system -
submitted
27-09-2022 21:29
Static task
static1
Behavioral task
behavioral1
Sample
image001.exe
Resource
win7-20220901-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
image001.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
8 signatures
150 seconds
General
-
Target
image001.exe
-
Size
138KB
-
MD5
eb89816844f308ccfae4bbe2a72d527d
-
SHA1
6f04b00bdb256b616ac1edadf637378fccb36670
-
SHA256
6d891a2985e39d8b0cb720b24f92deb90370f5e25cf4158b5d224802475a8e66
-
SHA512
48cac0381d7ce3db389895c49a3c3ffff0f3edf1217d4515d081d5c768bc9d5b75018953f348f175585b797d36e7da6a9f300c2d04fa6678b8bebf0d0ec6665c
-
SSDEEP
3072:m1TBs5bEg6AAAITTE4R2GZzuj7Fnkob8x4zJLr:UBs5bEg6/T44R2GZzuj7Fkob8x
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exe
pid: 112; pid_target: 1128; process: WerFault.exe; target process: image001.exe
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
image001.exe
description: Token: SeDebugPrivilege; pid: 1128; process: image001.exe
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
image001.exe
description: PID 1128 wrote to memory of 112; pid: 1128; process: image001.exe; target process: WerFault.exe
description: PID 1128 wrote to memory of 112; pid: 1128; process: image001.exe; target process: WerFault.exe
description: PID 1128 wrote to memory of 112; pid: 1128; process: image001.exe; target process: WerFault.exe
description: PID 1128 wrote to memory of 112; pid: 1128; process: image001.exe; target process: WerFault.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\image001.exe
"C:\Users\Admin\AppData\Local\Temp\image001.exe"
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1128 -s 1080
- Program crash