Analysis
max time kernel: 35s
max time network: 50s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 06-12-2022 06:34
Behavioral task: behavioral1
Sample: MainLoader.exe
Resource: win7-20220812-en (windows7-x64)
3 signatures
150 seconds
Behavioral task: behavioral2
Sample: MainLoader.exe
Resource: win10v2004-20220901-en (windows10-2004-x64)
12 signatures
150 seconds
General
Target: MainLoader.exe
Size: 537KB
MD5: 2ce459cbd15f96b92c6b411b9eaeb24c
SHA1: d4ef5e179d1e4510141537bd59dca1d6fdb83a6a
SHA256: bb57c20116377a50473e83604488f1935311dbf93a419cdeb41cf051ffd22b31
SHA512: f5385c52c7945cfb2196edbda6aebd7007d383fc837712585c501387704709f9882f36559736b0804455a5c9eb09015d4f6e88135339c340c643554b0d4cb53c
SSDEEP: 12288:z4lThwQGIQilGzWTifG1g6eUt5uPPRg7zhTnn6wi8TQBVW6:slTOFq7TifGG6wR6TnRi8To
Score: 8/10
Malware Config
Signatures
Processes:
resource                                                                      yara_rule
behavioral1/memory/1164-54-0x000000013FAB0000-0x000000013FC13000-memory.dmp   upx
behavioral1/memory/1164-56-0x000000013FAB0000-0x000000013FC13000-memory.dmp   upx
Program crash 1 IoCs
Processes: WerFault.exe
pid    pid_target   process        target process
1176   1164         WerFault.exe   MainLoader.exe
Suspicious use of WriteProcessMemory 3 IoCs
Processes: MainLoader.exe
description                        pid    process          target process
PID 1164 wrote to memory of 1176   1164   MainLoader.exe   WerFault.exe
PID 1164 wrote to memory of 1176   1164   MainLoader.exe   WerFault.exe
PID 1164 wrote to memory of 1176   1164   MainLoader.exe   WerFault.exe