Analysis
- max time kernel: 30s
- max time network: 48s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
- submitted: 09-11-2022 21:32

Static task: static1
Behavioral task: behavioral1
- Sample: INV000827365678.exe
- Resource: win7-20220812-en (windows7-x64)
- 4 signatures
- 150 seconds
General
- Target: INV000827365678.exe
- Size: 436KB
- MD5: b41b1dcba357b9cae74f5a3a06d5faf4
- SHA1: 3bcacaad8622d6a0a3463060c1f4ac7416c0affc
- SHA256: d0868cfa2f8d12b1f4fec7473e5f0baad751b77caf178aef546e5126b60278ab
- SHA512: 8f43eebaf082c6b9ba561c28b1abd1f04409e38b7c3ae182c7af0dc8a8578fab743e67773ba4282d9a1c5b409489f46da0979e328c30734d9670dae05890015f
- SSDEEP: 12288:9rY1Dr2ChdBjliyVAxTG3ilBB8WShCmaqpyGTYBVhm:hY1Dr2ChNVAwSNKCmay
- Score: 3/10
Malware Config
Signatures
- Program crash (1 IoC)
  Processes: pid 988 WerFault.exe, target pid 112 INV000827365678.exe
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  Processes: pid 112 INV000827365678.exe (2 occurrences)
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Processes: pid 112 INV000827365678.exe, Token: SeDebugPrivilege
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: PID 112 INV000827365678.exe wrote to memory of PID 988 WerFault.exe (3 occurrences)
Processes
- C:\Users\Admin\AppData\Local\Temp\INV000827365678.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\INV000827365678.exe"
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - C:\Windows\system32\WerFault.exe (child process)
    Command line: C:\Windows\system32\WerFault.exe -u -p 112 -s 592
    - Program crash