Analysis
max time kernel: 140s
max time network: 147s
platform: windows10-2004_x64
resource: win10v2004-20230915-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
submitted: 15/09/2023, 14:47
Static task: static1
Behavioral task: behavioral1 (sample vmware.exe, resource win7-20230831-en, 0 signatures, 150 seconds)
Behavioral task: behavioral2 (sample vmware.exe, resource win10v2004-20230915-en, 1 signature, 150 seconds)
General
Target: vmware.exe
Size: 2.1MB
MD5: da9bb486b14c37a771d6f7bf208a86d3
SHA1: 23c2671b2558f00738c3010b00154aa059d774ad
SHA256: 19bd8a90a779a9b35117f4e814de20661e32ea07a6721a2a13858473be8d4a36
SHA512: 82284d3bf3692f187ddbb60e6f8beaa928f8ca23146423d681f53dddda8a8b73bb16159eb7e8572cf3a2cd24daaefd137ac6badfe67ff08d85502198711ee573
SSDEEP: 49152:r0WtLrwaCUzBMoaSnRUntexlBbt41aCq4:Yynw3U1aqjBb
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (2 IoCs)
description | pid | Process | procid_target
PID 2176 wrote to memory of 4792 | 2176 | vmware.exe | 78
PID 2176 wrote to memory of 4792 | 2176 | vmware.exe | 78
Processes
1. C:\Users\Admin\AppData\Local\Temp\vmware.exe (PID 2176)
   Command line: "C:\Users\Admin\AppData\Local\Temp\vmware.exe"
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\system32\pcaui.exe (PID 4792)
      Command line: "C:\Windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {db4f3aa6-828e-4e0c-a461-efac8dacc1a2} -a "VMware Workstation Pro" -v "VMware, Inc." -s "This app can't run because it causes security or performance issues on Windows. A new version may be available. Check with your software provider for an updated version that runs on this version of Windows." -n 1 -f 2109246 -k 0 -e "C:\Users\Admin\AppData\Local\Temp\vmware.exe"