Analysis
max time kernel: 50s
max time network: 46s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 16/01/2023, 13:32
Static task
static1
Behavioral task
behavioral1
Sample
77d29818be0d01c38545baa0bd4551c6853c224b.exe
Resource
win7-20220812-en
4 signatures
150 seconds
Behavioral task
behavioral2
Sample
77d29818be0d01c38545baa0bd4551c6853c224b.exe
Resource
win10v2004-20221111-en
12 signatures
150 seconds
General
Target: 77d29818be0d01c38545baa0bd4551c6853c224b.exe
Size: 365KB
MD5: 343adbd49e24d1bdec30f634f4055da8
SHA1: 77d29818be0d01c38545baa0bd4551c6853c224b
SHA256: 404c51dbba49787d8c3d9cde78efc1a5eb0d9f139c0c6b130438870a0ecc244c
SHA512: 4c6831539aef807c7cb4875306e5fecc06b769924e0a1f80a5316f194a5235ec9e904c932b3ec4021e7ef2237bc2dba3db47a8a1cb20244c67c9fa1e6d88298f
SSDEEP: 6144:SVjDF2Bp0G3LkjLsvBrL0+ecB4X0Y37cWI+HLq11aWBLXAO1DAjWbc:SRDF2BpjLQLsvBP0+ecyEY37C8P
Score
7/10
Malware Config
Signatures
Uses the VBS compiler for execution (1 TTPs)
Suspicious use of SetThreadContext (1 IoCs)
description | pid | Process | procid_target
PID 1444 set thread context of 1220 | 1444 | 77d29818be0d01c38545baa0bd4551c6853c224b.exe | 28
Program crash (1 IoCs)
pid | pid_target | Process | procid_target
1532 | 1444 | WerFault.exe | 4
Suspicious use of WriteProcessMemory (10 IoCs)
description | pid | Process | procid_target
PID 1444 wrote to memory of 1220 | 1444 | 77d29818be0d01c38545baa0bd4551c6853c224b.exe | 28
PID 1444 wrote to memory of 1220 | 1444 | 77d29818be0d01c38545baa0bd4551c6853c224b.exe | 28
PID 1444 wrote to memory of 1220 | 1444 | 77d29818be0d01c38545baa0bd4551c6853c224b.exe | 28
PID 1444 wrote to memory of 1220 | 1444 | 77d29818be0d01c38545baa0bd4551c6853c224b.exe | 28
PID 1444 wrote to memory of 1220 | 1444 | 77d29818be0d01c38545baa0bd4551c6853c224b.exe | 28
PID 1444 wrote to memory of 1220 | 1444 | 77d29818be0d01c38545baa0bd4551c6853c224b.exe | 28
PID 1444 wrote to memory of 1532 | 1444 | 77d29818be0d01c38545baa0bd4551c6853c224b.exe | 29
PID 1444 wrote to memory of 1532 | 1444 | 77d29818be0d01c38545baa0bd4551c6853c224b.exe | 29
PID 1444 wrote to memory of 1532 | 1444 | 77d29818be0d01c38545baa0bd4551c6853c224b.exe | 29
PID 1444 wrote to memory of 1532 | 1444 | 77d29818be0d01c38545baa0bd4551c6853c224b.exe | 29
Processes
C:\Users\Admin\AppData\Local\Temp\77d29818be0d01c38545baa0bd4551c6853c224b.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\77d29818be0d01c38545baa0bd4551c6853c224b.exe"
  PID: 1444
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
    Command line: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
    PID: 1220
  C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1444 -s 36
    PID: 1532
    - Program crash