Analysis
max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags
arch:x64 arch:x86 image:win10v2004-20230220-en locale:en-us os:windows10-2004-x64 system
submitted
14-06-2023 13:55
Behavioral task
behavioral1
Sample
BestFMS_13819.exe
Resource
win7-20230220-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
BestFMS_13819.exe
Resource
win10v2004-20230220-en
windows10-2004-x64
2 signatures
150 seconds
General
Target
BestFMS_13819.exe
Size
7.0MB
MD5
2e0df1f43ad97b03772587f803fe65cf
SHA1
b4ad453865f362cdff3833a1a188c2de4e3025d5
SHA256
0737a1f9a3a049f4bda7694ab63b301cd53cd3967ce5a55d4094582e701c4390
SHA512
448f5880fea7235a41e30dc4550ac9f4a40e3fa1926672c2cc047761d94277a9396eae6591484e73d6d49fb927754c76ecf1199cc2b8ee12a89dd2d7836e1057
SSDEEP
196608:B1BTxuBIkFvS47vNdFSD96NRZFuwPQ7hVi:DQIw37HsExFZI1Vi
Score
3/10
Malware Config
Signatures
Program crash 1 IoCs
Processes: WerFault.exe
pid     pid_target  process       target process
2184    3456        WerFault.exe  BestFMS_13819.exe
Suspicious use of SetWindowsHookEx 5 IoCs
Processes: BestFMS_13819.exe
pid     process
3456    BestFMS_13819.exe
3456    BestFMS_13819.exe
3456    BestFMS_13819.exe
3456    BestFMS_13819.exe
3456    BestFMS_13819.exe
Processes
C:\Users\Admin\AppData\Local\Temp\BestFMS_13819.exe
"C:\Users\Admin\AppData\Local\Temp\BestFMS_13819.exe"
- Suspicious use of SetWindowsHookEx
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 948
- Program crash
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3456 -ip 3456