Analysis
max time kernel: 133s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20231222-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-01-2024 17:01
Behavioral task: behavioral1
Sample: 75096376efd7348a3b5e7b0415ef941a.exe
Resource: win7-20231215-en (windows7-x64)
0 signatures
150 seconds
General
Target: 75096376efd7348a3b5e7b0415ef941a.exe
Size: 366KB
MD5: 75096376efd7348a3b5e7b0415ef941a
SHA1: fe93068fc5f13340ed9ba611a4423146623d9ff6
SHA256: a8f1b931d3353ccf29dee69392d154bb610004b00b272ba74fe12077182d2c67
SHA512: b527182dd3018d06f390dd6991a7e5f33c2639ab4f6780d273af18126054b6c6c37fa6158ceb88576943dfaaebd7223c81a0db6fab7569c4b50f22bde1d31589
SSDEEP: 6144:rUGZjWMN2Sse4d3ERvBxc7hsp8GcUL67rOcQ/j0/3jiSiytZoVazMl:rK7SsvdMvLxpe63Yb3tZRzQ
Malware Config
Signatures
Suspicious use of NtSetInformationThreadHideFromDebugger (1 IoCs)
Processes: 75096376efd7348a3b5e7b0415ef941a.exe
pid   process
5056  75096376efd7348a3b5e7b0415ef941a.exe

Program crash (2 IoCs)
Processes: WerFault.exe, WerFault.exe
pid   pid_target  process       target process
2828  5056        WerFault.exe  75096376efd7348a3b5e7b0415ef941a.exe
4680  5056        WerFault.exe  75096376efd7348a3b5e7b0415ef941a.exe
Processes
C:\Users\Admin\AppData\Local\Temp\75096376efd7348a3b5e7b0415ef941a.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\75096376efd7348a3b5e7b0415ef941a.exe"
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID: 5056
    C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 220
      - Program crash
      PID: 2828
    C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 140
      - Program crash
      PID: 4680
C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5056 -ip 5056
  PID: 2380
C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 5056 -ip 5056
  PID: 4168