Analysis
-
max time kernel
191s -
max time network
213s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system -
submitted
20/10/2022, 04:57
Static task
static1
Behavioral task
behavioral1
Sample
af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe
Resource
win7-20220812-en
windows7-x64
8 signatures
150 seconds
Behavioral task
behavioral2
Sample
af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
3 signatures
150 seconds
General
-
Target
af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe
-
Size
106KB
-
MD5
819545a55bb5816919e4ce12e20f9d10
-
SHA1
417d4645faab9814a49384e5cf711fe5935f085f
-
SHA256
af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768
-
SHA512
43b059e37722488ff8c934c12d7ef9dd60d153608bbe230172d5ec0b4270d76b21de2dc9eed8608099565a7ec0109bf1abc2c20c4c5f723d3a10c81a11076918
-
SSDEEP
1536:bFhpZGGFsUZCWaPN19c4x/hB94Z8FqiZ+qExji:vC5UZCfN3ceXNAq2i
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target 3488 2224 WerFault.exe 80 -
Suspicious use of SetWindowsHookAW 64 IoCs
pid Process 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 2224 af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe"C:\Users\Admin\AppData\Local\Temp\af264d913e3d1b03ec68433c0c7ce0a23429e07a2bb64fb4b1a87e0df70ab768.exe"1⤵
- Suspicious use of SetWindowsHookAW
- Suspicious use of SetWindowsHookEx
PID:2224 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 6962⤵
- Program crash
PID:3488
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2224 -ip 22241⤵PID:724