Analysis
max time kernel: 122s
max time network: 128s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 25/12/2023, 13:32
Static task: static1
Behavioral task: behavioral1
  Sample: 21f3f0839bf8249d1bc191f22e9d3db5.exe
  Resource: win7-20231215-en
  5 signatures, 150 seconds
Behavioral task: behavioral2
  Sample: 21f3f0839bf8249d1bc191f22e9d3db5.exe
  Resource: win10v2004-20231215-en
  3 signatures, 150 seconds
General
Target: 21f3f0839bf8249d1bc191f22e9d3db5.exe
Size: 1.5MB
MD5: 21f3f0839bf8249d1bc191f22e9d3db5
SHA1: 94ade5dba04a37504fabf6a233ad3d36d58e2a3d
SHA256: 18fc8e8b9bce91864d897de0da7760963edcef91d5c7b15b2e8c4cde4421c315
SHA512: b1fe4b42b3bf3c046aa6a28f2bc38cf3f8b311113de97cb3ba5322a78bdc06cf0ae2e0719f773b48d7e21be3d103ee2385805f374717dfeb4b649ecd002cf79a
SSDEEP: 24576:IeA3sO3mVxkP0vxxkEmT1VK7MB0BPXiD7HwbpGMLMFlj6UNgs4voXALPCclZRT0Y:TA3736mcpxyq7XWQdGZj6C74vmALfUT8
Score: 5/10
Malware Config
Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger (2 IoCs)
  pid   Process
  2356  21f3f0839bf8249d1bc191f22e9d3db5.exe
  2356  21f3f0839bf8249d1bc191f22e9d3db5.exe

Program crash (1 IoC)
  pid   pid_target  Process       procid_target
  2736  2356        WerFault.exe  27

Suspicious behavior: EnumeratesProcesses (1 IoC)
  pid   Process
  2356  21f3f0839bf8249d1bc191f22e9d3db5.exe

Suspicious use of SetWindowsHookEx (2 IoCs)
  pid   Process
  2356  21f3f0839bf8249d1bc191f22e9d3db5.exe
  2356  21f3f0839bf8249d1bc191f22e9d3db5.exe

Suspicious use of WriteProcessMemory (4 IoCs)
  description                       pid   Process                               procid_target
  PID 2356 wrote to memory of 2736  2356  21f3f0839bf8249d1bc191f22e9d3db5.exe  28
  PID 2356 wrote to memory of 2736  2356  21f3f0839bf8249d1bc191f22e9d3db5.exe  28
  PID 2356 wrote to memory of 2736  2356  21f3f0839bf8249d1bc191f22e9d3db5.exe  28
  PID 2356 wrote to memory of 2736  2356  21f3f0839bf8249d1bc191f22e9d3db5.exe  28
Processes

1. C:\Users\Admin\AppData\Local\Temp\21f3f0839bf8249d1bc191f22e9d3db5.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\21f3f0839bf8249d1bc191f22e9d3db5.exe"
   PID: 2356
   - Suspicious use of NtSetInformationThreadHideFromDebugger
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory

   2. C:\Windows\SysWOW64\WerFault.exe (child of PID 2356)
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 344
      PID: 2736
      - Program crash