Analysis
-
max time kernel
142s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system -
submitted
11/10/2022, 04:46
Static task
static1
Behavioral task
behavioral1
Sample
06160291415e47db3c11816c825cf81e9d9b709b894342518f67ef52a9826397.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
06160291415e47db3c11816c825cf81e9d9b709b894342518f67ef52a9826397.exe
Resource
win10v2004-20220812-en
General
-
Target
06160291415e47db3c11816c825cf81e9d9b709b894342518f67ef52a9826397.exe
-
Size
436KB
-
MD5
74e09e6568f65ad52cbc96f72cb31400
-
SHA1
e79c603182b1fd9d198247af00be9a3cefc51210
-
SHA256
06160291415e47db3c11816c825cf81e9d9b709b894342518f67ef52a9826397
-
SHA512
78949f8598ce50b7bb355ed6b59f5b01124cef8ab2bae1bd6cabba6f6e4260a2511fef92060fb4b823e17c4040841994fe2547a89b76648724e7b52b5d78e364
-
SSDEEP
6144:6wItv0HIwLLFCWv4+C5/ZFD9UXOEPyHmKL9dE+OzhS6izw0oJlPg:63oOjLQV6HfE+Ozrizw5Jlo
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target 1984 3496 WerFault.exe 80 -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 3496 06160291415e47db3c11816c825cf81e9d9b709b894342518f67ef52a9826397.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\06160291415e47db3c11816c825cf81e9d9b709b894342518f67ef52a9826397.exe"C:\Users\Admin\AppData\Local\Temp\06160291415e47db3c11816c825cf81e9d9b709b894342518f67ef52a9826397.exe"1⤵
- Suspicious use of SetWindowsHookEx
PID:3496 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 4642⤵
- Program crash
PID:1984
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3496 -ip 34961⤵PID:4276