Analysis
max time kernel: 42s
max time network: 46s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 08-11-2022 12:10
Static task
static1
Behavioral task
behavioral1
Sample
palmic.exe
Resource
win7-20220812-en
windows7-x64
3 signatures
300 seconds
Behavioral task
behavioral2
Sample
palmic.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
13 signatures
300 seconds
General
-
Target
palmic.exe
-
Size
66KB
-
MD5
ec56a21c8ee1d373f5e892cc19a14441
-
SHA1
e2834f9bfe32bb1a6b4fbb4cff128e8dcdece15b
-
SHA256
3129b84bf731a2348ea99a5d7e03c9b52993963a88607ad149b13b7cba499f19
-
SHA512
b78ca39248267de920b270323134d354cabee4fc434f1ba216669d504ffdc5e2b7cd45d54e48f457cfc9afb4cc1a52d91a0523fa7899ea8f36324668c0bd5532
-
SSDEEP
768:Yy8W6IZhbT3GpO1gyapErmN7uPS/Zp8Hk/8gV90DBVpGwDO+snK5k41PMArE7+6d:YHI72gQk+NoVLsK5k410jEY+ICyjZ
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
pid   pid_target  Process       procid_target
1240  1212        WerFault.exe  26
Suspicious use of AdjustPrivilegeToken 1 IoCs
description              pid   Process
Token: SeDebugPrivilege  1212  palmic.exe
Suspicious use of WriteProcessMemory 4 IoCs
description                       pid   Process     procid_target
PID 1212 wrote to memory of 1240  1212  palmic.exe  27
PID 1212 wrote to memory of 1240  1212  palmic.exe  27
PID 1212 wrote to memory of 1240  1212  palmic.exe  27
PID 1212 wrote to memory of 1240  1212  palmic.exe  27
Processes
-
C:\Users\Admin\AppData\Local\Temp\palmic.exe
"C:\Users\Admin\AppData\Local\Temp\palmic.exe"
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID: 1212

  C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1212 -s 1184
  - Program crash
  PID: 1240