Analysis
max time kernel: 141s
max time network: 33s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted: 14-06-2023 18:12
Behavioral task: behavioral1
Sample: BestFMS111111.exe
Resource: win7-20230220-en (windows7-x64)
3 signatures, 150 seconds
Behavioral task: behavioral2
Sample: BestFMS111111.exe
Resource: win10v2004-20230220-en (windows10-2004-x64)
2 signatures, 150 seconds
General
Target: BestFMS111111.exe
Size: 6.7MB
MD5: 8f3e168eb479b199c77cdc4b7d17e16b
SHA1: e73626e8dc2ba33c9d8f8e0fc996e2c3417f1726
SHA256: ae9ba71dabd8434d51f09cc4294b3052f5c33fdc110c1423100ac6ab3611727e
SHA512: ac4ca5e2bc5907c3be7ce741af37667f5da3db59a3ade5335067e637df5ad580c6ac2824b18c68f7cf2b27e90a5929e5f55bcb94c077139c5aa4db8b66b510c8
SSDEEP: 196608:lRvLUYWmJ1wH19DJt/gKum4EuXeNptKm2:lNAYWmIH1JJZwmHt3
Score: 3/10
Malware Config
Signatures
Program crash 1 IoCs
Processes: WerFault.exe
pid    pid_target    process         target process
1436   836           WerFault.exe    BestFMS111111.exe
Suspicious use of SetWindowsHookEx 6 IoCs
Processes: BestFMS111111.exe
pid    process
836    BestFMS111111.exe
836    BestFMS111111.exe
836    BestFMS111111.exe
836    BestFMS111111.exe
836    BestFMS111111.exe
836    BestFMS111111.exe
Suspicious use of WriteProcessMemory 4 IoCs
Processes: BestFMS111111.exe
description                        pid    process              target process
PID 836 wrote to memory of 1436    836    BestFMS111111.exe    WerFault.exe
PID 836 wrote to memory of 1436    836    BestFMS111111.exe    WerFault.exe
PID 836 wrote to memory of 1436    836    BestFMS111111.exe    WerFault.exe
PID 836 wrote to memory of 1436    836    BestFMS111111.exe    WerFault.exe
Processes
1. C:\Users\Admin\AppData\Local\Temp\BestFMS111111.exe
   "C:\Users\Admin\AppData\Local\Temp\BestFMS111111.exe"
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory
2. C:\Windows\SysWOW64\WerFault.exe
   C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 548
   - Program crash