Analysis
-
max time kernel
91s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system -
submitted
31/10/2022, 22:53
Behavioral task
behavioral1
Sample
94f0e91b85ec1a44ea3fa3ea64f1c961b4a9fe3188ab242dba151582453dfd48.exe
Resource
win7-20220901-en
4 signatures
150 seconds
Behavioral task
behavioral2
Sample
94f0e91b85ec1a44ea3fa3ea64f1c961b4a9fe3188ab242dba151582453dfd48.exe
Resource
win10v2004-20220812-en
3 signatures
150 seconds
General
-
Target
94f0e91b85ec1a44ea3fa3ea64f1c961b4a9fe3188ab242dba151582453dfd48.exe
-
Size
5.2MB
-
MD5
a0a78301a0f7e4ed18a488c064e14ea7
-
SHA1
a21c0ca52b6c8362d74b5d7769ffa3e40a8e246b
-
SHA256
94f0e91b85ec1a44ea3fa3ea64f1c961b4a9fe3188ab242dba151582453dfd48
-
SHA512
a37a443677f422efcc147d374f9e9aab5330c563fafd6a09abb4ca41302c23150d95d920c8435de2bdbf948b6fabdac1b7e1af088d42d609994afc81df2487be
-
SSDEEP
98304:zvdbokc64QVgi9QpkR0xkw3zLzOIMiu9AgXz58wW3HuI73hb:zvd0URQpkR0xkSzfOIMiulD5CHuI9b
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target 4704 4680 WerFault.exe 78 -
Modifies Control Panel 3 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\sShortDate = "yyyy-MM-dd" 94f0e91b85ec1a44ea3fa3ea64f1c961b4a9fe3188ab242dba151582453dfd48.exe Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\iDate = "2" 94f0e91b85ec1a44ea3fa3ea64f1c961b4a9fe3188ab242dba151582453dfd48.exe Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\sDate = "-" 94f0e91b85ec1a44ea3fa3ea64f1c961b4a9fe3188ab242dba151582453dfd48.exe -
Suspicious use of SetWindowsHookEx 3 IoCs
pid Process 4680 94f0e91b85ec1a44ea3fa3ea64f1c961b4a9fe3188ab242dba151582453dfd48.exe 4680 94f0e91b85ec1a44ea3fa3ea64f1c961b4a9fe3188ab242dba151582453dfd48.exe 4680 94f0e91b85ec1a44ea3fa3ea64f1c961b4a9fe3188ab242dba151582453dfd48.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\94f0e91b85ec1a44ea3fa3ea64f1c961b4a9fe3188ab242dba151582453dfd48.exe"C:\Users\Admin\AppData\Local\Temp\94f0e91b85ec1a44ea3fa3ea64f1c961b4a9fe3188ab242dba151582453dfd48.exe"1⤵
- Modifies Control Panel
- Suspicious use of SetWindowsHookEx
PID:4680 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4680 -s 11562⤵
- Program crash
PID:4704
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4680 -ip 46801⤵PID:3356