Analysis
  Max time kernel: 40s
  Max time network: 48s
  Platform: windows7_x64
  Resource: win7-20220812-en
  Resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  Submitted: 25-11-2022 19:26
Static task
  static1

Behavioral task
  behavioral1
  Sample: CFӵǽV1.0.exe
  Resource: win7-20220812-en
  Platform: windows7-x64
  Signatures: 4
  Duration: 150 seconds

Behavioral task
  behavioral2
  Sample: CFӵǽV1.0.exe
  Resource: win10v2004-20220901-en
  Platform: windows10-2004-x64
  Signatures: 5
  Duration: 150 seconds
General
  Target: CFӵǽV1.0.exe
  Size: 684KB
  MD5: 2dc0552a6ba0aa9768941021afb21def
  SHA1: 8ec47f8137e1da4372059d867aa9936897c9b1ee
  SHA256: 9d9e449be3e01e0ee8111d806debf9b77b8a4830d587869bc4737eb084c55b2b
  SHA512: 6959cf9f03dc9921dd8a506f845d220b66a6034bf17d7566de189dde656e376f422fc7757c242e5381e3d7b8a9036b914ba951c8e44ab08db5c7691a805eae3f
  SSDEEP: 12288:kn+e95EJcsEFjNqI5W9FeBMv9fnrdj909x:kn+e9BFxqI5WHeOv9frdjez
  Score: 3/10
Malware Config
Signatures

Program crash (1 IoC)
  Processes:
    pid 1892 WerFault.exe -> target pid 1376 CFӵǽV1.0.exe

Suspicious behavior: LoadsDriver (2 IoCs)
  Processes:
    pid 464 (process name not recorded)
    pid 464 (process name not recorded)

Suspicious use of SetWindowsHookEx (2 IoCs)
  Processes:
    pid 1376 CFӵǽV1.0.exe
    pid 1376 CFӵǽV1.0.exe

Suspicious use of WriteProcessMemory (4 IoCs)
  Processes (description / pid / process / target process):
    PID 1376 wrote to memory of 1892 / 1376 / CFӵǽV1.0.exe / WerFault.exe
    PID 1376 wrote to memory of 1892 / 1376 / CFӵǽV1.0.exe / WerFault.exe
    PID 1376 wrote to memory of 1892 / 1376 / CFӵǽV1.0.exe / WerFault.exe
    PID 1376 wrote to memory of 1892 / 1376 / CFӵǽV1.0.exe / WerFault.exe
Processes (process tree)

  C:\Users\Admin\AppData\Local\Temp\CFӵǽV1.0.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\CFӵǽV1.0.exe"
    PID: 1376
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory

    C:\Windows\SysWOW64\WerFault.exe (child of PID 1376)
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 308
      PID: 1892
      - Program crash