Analysis
max time kernel: 29s
max time network: 45s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 12-11-2022 21:18
Static task: static1
Behavioral task: behavioral1
Sample: FM000987INMM.exe
Resource: win7-20220812-en (windows7-x64)
4 signatures
150 seconds
General
Target: FM000987INMM.exe
Size: 432KB
MD5: e807bcfa922ddd60a6c8e85c441c576b
SHA1: f2a2cafc8f9efe1b5d49bcf3cadedc87ea416dac
SHA256: b08be63af3754f6970336f0f5c751271233d253f0195d2ed8293e50679c18004
SHA512: 6da74e49eaac931a22cfbf33851b5f450c067d445a7434fb4a703db85df55830f8ca046c03418fd4ddc9227a62fbf726805a6fb5ddf39647380633771b8fcfac
SSDEEP: 12288:n+jAiWbrrhAIrzN4f/Q1EZB6bi+pOaWeeJjTJ:+A1zN4nQaZB3xewTJ
Score: 3/10
Malware Config
Signatures

Program crash (1 IoCs)
Processes:
  pid   pid_target   process        target process
  896   1228         WerFault.exe   FM000987INMM.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes:
  pid    process
  1228   FM000987INMM.exe
  1228   FM000987INMM.exe

Suspicious use of AdjustPrivilegeToken (1 IoCs)
Processes:
  description               pid    process
  Token: SeDebugPrivilege   1228   FM000987INMM.exe

Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
  description                        pid    process            target process
  PID 1228 wrote to memory of 896    1228   FM000987INMM.exe   WerFault.exe
  PID 1228 wrote to memory of 896    1228   FM000987INMM.exe   WerFault.exe
  PID 1228 wrote to memory of 896    1228   FM000987INMM.exe   WerFault.exe
Processes

1. C:\Users\Admin\AppData\Local\Temp\FM000987INMM.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\FM000987INMM.exe"
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious use of AdjustPrivilegeToken
   - Suspicious use of WriteProcessMemory

   2. C:\Windows\system32\WerFault.exe (child of PID 1228)
      Command line: C:\Windows\system32\WerFault.exe -u -p 1228 -s 552
      - Program crash