Analysis
max time kernel
31s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags
arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted
03-06-2023 19:34
Behavioral task
behavioral1
Sample
04318899.exe
Resource
win7-20230220-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
04318899.exe
Resource
win10v2004-20230220-en
windows10-2004-x64
2 signatures
150 seconds
General
Target
04318899.exe
Size
124KB
MD5
81d45561da479bd4203b837462ee8b47
SHA1
5d04346363d5d592e1b65b7f5a143b05b0e6318f
SHA256
4ea07dbe6d547f6b5a415630233bac532557f00f3440f6c99e0cf797d72cee76
SHA512
47034ba6a56531118df20ff0f313d46919879880c45b91af91ef725606a3e98e6288a18dabd92ace039ca55fd20e950a3d381ec1a8d18dbf645bcc3af3cc2274
SSDEEP
1536:CFmJzZ9Vl4WJT6dDYdXlEuuyl+9HiJdkXI/ZQN+gC74vqUAstVchTE:SmhFlEiEuuo6QW/+17Eq6tVc9E
Score
3/10
Malware Config
Signatures
Program crash 1 IoCs
Processes:
pid    pid_target    process         target process
1504   1428          WerFault.exe    04318899.exe
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
pid    process
1428   04318899.exe
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
description                         pid    process         target process
PID 1428 wrote to memory of 1504    1428   04318899.exe    WerFault.exe
PID 1428 wrote to memory of 1504    1428   04318899.exe    WerFault.exe
PID 1428 wrote to memory of 1504    1428   04318899.exe    WerFault.exe
PID 1428 wrote to memory of 1504    1428   04318899.exe    WerFault.exe
Processes
C:\Users\Admin\AppData\Local\Temp\04318899.exe
"C:\Users\Admin\AppData\Local\Temp\04318899.exe"
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 132
- Program crash