Analysis
-
max time kernel
184s -
max time network
194s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
24-11-2022 07:48
General
-
Target
Processing.Pdf____________________________________________________________.exe
-
Size
478KB
-
MD5
e46421290522060e95dc6c6ac9bab9c8
-
SHA1
08aaa1203dca088e366ea31253ec264ca710f015
-
SHA256
c7715cabaa44e33a7e60bc3599924d77e0021383d2f6b1b0ecd5e84bcbfb62c2
-
SHA512
d590f467b8ebcc8805d910506585033c29c6f3f47b232cf2ebbfea91bf139e135b197ecd8a599521b25cf45fa0e46932e992842651ffe4d0c71b9c2d866369a5
-
SSDEEP
6144:/ipL4qsxpzEeqcQL3dOk+yrctZl/nS0JSAS2cu1PfFjHNNj9iL:/6UZbzH2Ok+HbrJSycwl/j90
Score
5/10
Malware Config
Signatures
-
Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Program crash 1 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of WriteProcessMemory 10 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Processing.Pdf____________________________________________________________.exe"C:\Users\Admin\AppData\Local\Temp\Processing.Pdf____________________________________________________________.exe"1⤵
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of SetThreadContext
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Processing.Pdf____________________________________________________________.exe"C:\Users\Admin\AppData\Local\Temp\Processing.Pdf____________________________________________________________.exe"2⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 83⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 2440 -ip 24401⤵