Analysis
- max time kernel: 135s
- max time network: 145s
- platform: windows10-2004_x64
- resource: win10v2004-20230221-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230221-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 13-06-2023 14:20
Static task
- static1: 1 signatures

Behavioral task
- behavioral1
  - Sample: file.exe
  - Resource: win7-20230220-en (windows7-x64)
  - 6 signatures
  - 150 seconds

Behavioral task
- behavioral2
  - Sample: file.exe
  - Resource: win10v2004-20230221-en (windows10-2004-x64)
  - 4 signatures
  - 150 seconds
General
- Target: file.exe
- Size: 5.2MB
- MD5: b5b0b3fcb71e4ca3f04996330b46d188
- SHA1: 4c04505fe7c398e139a4ce3cf80a217cc8b27dbe
- SHA256: 2bcc4315b528b9e1b1896042dd07483b4f9275271f05fb484bd92c2cb2b13d97
- SHA512: 0181090c9239e0957044065802bbc61c8cb0ffb9ea2559d2b988fce85b5ecdd26016b46b161c1b7716f76c90a63db56e862c6eaa050fb67a0c24de416f045441
- SSDEEP: 98304:0i0eu+2CsrmgBRcowzOCMOh7+HjCUPCS5AOoYSRVbpqWZ:LJsrmTTB5h7GCjYAO7SkWZ
- Score: 5/10
Malware Config
Signatures
- Suspicious use of SetThreadContext (1 IoCs)
  Processes:
    description: PID 2456 set thread context of 4676 | pid: 2456 | process: file.exe | target process: calc.exe

- Program crash (1 IoCs)
  Processes:
    pid: 4876 | pid_target: 4676 | process: WerFault.exe | target process: calc.exe

- Suspicious use of SetWindowsHookEx (1 IoCs)
  Processes:
    pid: 2456 | process: file.exe

- Suspicious use of WriteProcessMemory (4 IoCs)
  Processes:
    description: PID 2456 wrote to memory of 4676 | pid: 2456 | process: file.exe | target process: calc.exe
    description: PID 2456 wrote to memory of 4676 | pid: 2456 | process: file.exe | target process: calc.exe
    description: PID 2456 wrote to memory of 4676 | pid: 2456 | process: file.exe | target process: calc.exe
    description: PID 2456 wrote to memory of 4676 | pid: 2456 | process: file.exe | target process: calc.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\file.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\file.exe"
  - Suspicious use of SetThreadContext
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\calc.exe
    command line: "C:\Windows\System32\calc.exe"
    - C:\Windows\SysWOW64\WerFault.exe
      command line: C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 80
      - Program crash
- C:\Windows\SysWOW64\WerFault.exe
  command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 4676 -ip 4676