Analysis
max time kernel: 40s
max time network: 42s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 25-01-2023 10:29
Static task: static1

Behavioral task: behavioral1
Sample: VSL Q88.scr.exe
Resource: win7-20220812-en (windows7-x64)
3 signatures, 150 seconds

Behavioral task: behavioral2
Sample: VSL Q88.scr.exe
Resource: win10v2004-20221111-en (windows10-2004-x64)
2 signatures, 150 seconds
General
Target: VSL Q88.scr.exe
Size: 17KB
MD5: 525c930b348f58ecdaf03b08c1a91495
SHA1: 5f08e2d33fc791929e29ad5b93a319453c3583a9
SHA256: bb393daf400b3417fdd00e65698a3fdb977cd41cc1df894b630b271ddb4769df
SHA512: 44f17df7f6f7bbb505a40d389496f7acca83c8e78b4180fd7e90cad1ea42731ceed36d634780cdec6758b9c8c72a23df726b668ef5e6087bc778eb28e6b0dc0e
SSDEEP: 384:gdO0vPqnnphy83JqGq3HLBhoksn1VRi2J2kcQ5Yi:gdnPqnnph53J3q3rBJsnMkcS
Score: 3/10
Malware Config
Signatures
Program crash (1 IoCs)
Process: WerFault.exe
- pid: 1136, pid_target: 1364, process: WerFault.exe, target process: VSL Q88.scr.exe

Suspicious use of AdjustPrivilegeToken (1 IoCs)
Process: VSL Q88.scr.exe
- description: Token: SeDebugPrivilege, pid: 1364, process: VSL Q88.scr.exe

Suspicious use of WriteProcessMemory (4 IoCs)
Process: VSL Q88.scr.exe
- description: PID 1364 wrote to memory of 1136, pid: 1364, process: VSL Q88.scr.exe, target process: WerFault.exe
- description: PID 1364 wrote to memory of 1136, pid: 1364, process: VSL Q88.scr.exe, target process: WerFault.exe
- description: PID 1364 wrote to memory of 1136, pid: 1364, process: VSL Q88.scr.exe, target process: WerFault.exe
- description: PID 1364 wrote to memory of 1136, pid: 1364, process: VSL Q88.scr.exe, target process: WerFault.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\VSL Q88.scr.exe (process tree level 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\VSL Q88.scr.exe"
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\WerFault.exe (process tree level 2)
  Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 1056
  - Program crash