Analysis
-
max time kernel
27s -
max time network
31s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system -
submitted
06-04-2023 23:14
Static task
static1
Behavioral task
behavioral1
Sample
GTAG GUI.exe
Resource
win7-20230220-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
GTAG GUI.exe
Resource
win10v2004-20230220-en
12 signatures
150 seconds
General
-
Target
GTAG GUI.exe
-
Size
60KB
-
MD5
45e704327dc60ee44308d852f2559d2a
-
SHA1
9514b3ad4e4ac2ffaaf1a53bd365e183b12d42ed
-
SHA256
0c071497334f0ece1f7217f0572b13c78ae1a37f466993ddea8f48e99826606d
-
SHA512
71a74ec690e32543a1cfb002d5fc12802b38afe241b3e5a17ffe2b8943387fc0bb6f4a8b6a0714c475963faf91a8511d912f8c7622c7f03664c095d6428da5d5
-
SSDEEP
1536:fL9vF5BfilV2j1FQ9UlWlMV13cLSHX/Yow70DmVH9q:fVBfiuLX/YGN
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 1584 1724 WerFault.exe GTAG GUI.exe -
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
GTAG GUI.exedescription pid process target process PID 1724 wrote to memory of 1584 1724 GTAG GUI.exe WerFault.exe PID 1724 wrote to memory of 1584 1724 GTAG GUI.exe WerFault.exe PID 1724 wrote to memory of 1584 1724 GTAG GUI.exe WerFault.exe PID 1724 wrote to memory of 1584 1724 GTAG GUI.exe WerFault.exe