Analysis
max time kernel: 42s
max time network: 46s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system
submitted: 07-11-2022 08:37
Static task
static1
Behavioral task
behavioral1
Sample
C4Loader.exe
Resource
win7-20220812-en
windows7-x64
4 signatures
150 seconds
Behavioral task
behavioral2
Sample
C4Loader.exe
Resource
win10v2004-20220901-en
windows10-2004-x64
18 signatures
150 seconds
General
Target: C4Loader.exe
Size: 126KB
MD5: e755b7599fc8b631b954d2d80a3246cb
SHA1: 0f557b0b356fc7b5462d252cccd19f93b2cc696a
SHA256: 4b8e43a1cee980394eb2845ea6657b376746b84b52bbd3d2ea062cbdfb292d5d
SHA512: 426bec87d3c521b99d34813d9953aa7eaebbbebc155056e3fe53f893c8fca7a9ee1c4657c192472c82323470388f1238a994ac6fb54ad3d7f2e42355229e2a7c
SSDEEP: 3072:AWrLpduTeRflPTgZv6NV5GqZdPAxusJt6fgMvXM0jJ5Y7eyFNeVmlUOL18c:AUL4YpTV4mAxh6fDyFxL18c
Score
7/10
Malware Config
Signatures
-
Uses the VBS compiler for execution 1 TTPs
-
Suspicious use of SetThreadContext 1 IoCs
Processes:
C4Loader.exe
description                          pid   process       target process
PID 1184 set thread context of 964   1184  C4Loader.exe  vbc.exe
Program crash 1 IoCs
Processes:
WerFault.exe
pid   pid_target  process       target process
1648  1184        WerFault.exe  C4Loader.exe
Suspicious use of WriteProcessMemory 10 IoCs
Processes:
C4Loader.exe
description                        pid   process       target process
PID 1184 wrote to memory of 964    1184  C4Loader.exe  vbc.exe
PID 1184 wrote to memory of 964    1184  C4Loader.exe  vbc.exe
PID 1184 wrote to memory of 964    1184  C4Loader.exe  vbc.exe
PID 1184 wrote to memory of 964    1184  C4Loader.exe  vbc.exe
PID 1184 wrote to memory of 964    1184  C4Loader.exe  vbc.exe
PID 1184 wrote to memory of 964    1184  C4Loader.exe  vbc.exe
PID 1184 wrote to memory of 1648   1184  C4Loader.exe  WerFault.exe
PID 1184 wrote to memory of 1648   1184  C4Loader.exe  WerFault.exe
PID 1184 wrote to memory of 1648   1184  C4Loader.exe  WerFault.exe
PID 1184 wrote to memory of 1648   1184  C4Loader.exe  WerFault.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\C4Loader.exe  "C:\Users\Admin\AppData\Local\Temp\C4Loader.exe"  1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"  2⤵
-
C:\Windows\SysWOW64\WerFault.exe  C:\Windows\SysWOW64\WerFault.exe -u -p 1184 -s 48  2⤵
- Program crash