Analysis
-
max time kernel
188s -
max time network
195s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
-
submitted
23-11-2022 14:22
General
-
Target
4dc72fc2c7ccfd91d61848c30aac1978d329be7515740dd8436404ac9ffd63fd.exe
-
Size
396KB
-
MD5
3ed79716978bb09c4890a60dd74d5470
-
SHA1
4b5232a93d4cd129f598ad0fdc93b145faee3922
-
SHA256
4dc72fc2c7ccfd91d61848c30aac1978d329be7515740dd8436404ac9ffd63fd
-
SHA512
0aedb190c6f0c5d18c509d57160c79a4c8aa64b5520e1a25d26e3bead94819159895bfa925cd9086f9837f96211d0d9e9bb439d6758b8a20a58a6a030ee527fd
-
SSDEEP
6144:iX9SMLpHYi2B2plyB86ozFti/2rvpwnIrgc8SwAAwnMNSQNcDPbI/J5EJKdIxj:mL4i2YU2iu7pwQeSBAkAkiJSsY
Score
3/10
Malware Config
Signatures
-
Program crash 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4dc72fc2c7ccfd91d61848c30aac1978d329be7515740dd8436404ac9ffd63fd.exe"C:\Users\Admin\AppData\Local\Temp\4dc72fc2c7ccfd91d61848c30aac1978d329be7515740dd8436404ac9ffd63fd.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4716 -s 2282⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4716 -s 2282⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4716 -ip 47161⤵