Analysis
-
max time kernel
133s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system -
submitted
25-01-2024 15:43
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
410b410ba63f89e0cec2b18f9a97396117729b840155d271a9001c8a6037f0de.exe
Resource
win7-20231129-en
windows7-x64
3 signatures
150 seconds
General
-
Target
410b410ba63f89e0cec2b18f9a97396117729b840155d271a9001c8a6037f0de.exe
-
Size
269KB
-
MD5
82897da154eec93530858e9e0bf1a4c0
-
SHA1
10aee924b5633baa640b3b55068eba8de5dc305a
-
SHA256
410b410ba63f89e0cec2b18f9a97396117729b840155d271a9001c8a6037f0de
-
SHA512
3dc49d4ddcd62ad30d5aded87c07c5a09021522a71812fbf6e457ad42cbc39acab2e932b25eac6931e4b9806bcaacea7a6c93bf0e034e8a089b66eb98409bc59
-
SSDEEP
6144:3GqH2r85tdvh80jwizPtNwoVYmsjAOzAxmWm1fq:3JWr85tdvh80j1YmsjQmJ1fq
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exe
pid: 1012, pid_target: 4664, process: WerFault.exe, target process: 410b410ba63f89e0cec2b18f9a97396117729b840155d271a9001c8a6037f0de.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
410b410ba63f89e0cec2b18f9a97396117729b840155d271a9001c8a6037f0de.exe
pid: 4664, process: 410b410ba63f89e0cec2b18f9a97396117729b840155d271a9001c8a6037f0de.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\410b410ba63f89e0cec2b18f9a97396117729b840155d271a9001c8a6037f0de.exe
"C:\Users\Admin\AppData\Local\Temp\410b410ba63f89e0cec2b18f9a97396117729b840155d271a9001c8a6037f0de.exe"
- Suspicious use of SetWindowsHookEx
PID:4664 -
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 1224
- Program crash
PID:1012
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4664 -ip 4664
PID:3980