Analysis

max time kernel: 122s
max time network: 125s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
submitted: 24-02-2024 01:51

Static task: static1
1 signatures

Behavioral task: behavioral1
Sample: 4ef33de69d09cfc7f8e80df4b7e16f8a.exe
Resource: win7-20240221-en (windows7-x64)
4 signatures
150 seconds
General

Target: 4ef33de69d09cfc7f8e80df4b7e16f8a.exe
Size: 780KB
MD5: 4ef33de69d09cfc7f8e80df4b7e16f8a
SHA1: 1a88c7f5deb8118c0588663397c14a12e6590481
SHA256: a9c7b5ea44af4b23f0ceb0d97179f895b8d05037bfd25e2f005eae9c03440134
SHA512: fff152752b8757929538d5673374687889ee5076686c0634e48f750ea6e014981b1ee840c9c2b582e4b6c9d7a456a69253a2592b82503dac1d20aa00aafc5765
SSDEEP: 12288:AxFxUzJY43dqNCqlN+jJFivu1nPjZ2GABQssvaL:Ox4KeEU8u1nPjlAysuY
Malware Config

Signatures

Checks whether UAC is enabled
description          ioc                                                                                     Process
Key value queried    \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA   4ef33de69d09cfc7f8e80df4b7e16f8a.exe

Program crash 1 IoCs
pid     pid_target   Process        procid_target
2544    2760         WerFault.exe   27

Suspicious use of SetWindowsHookEx 4 IoCs
pid     Process
2760    4ef33de69d09cfc7f8e80df4b7e16f8a.exe
2760    4ef33de69d09cfc7f8e80df4b7e16f8a.exe
2760    4ef33de69d09cfc7f8e80df4b7e16f8a.exe
2760    4ef33de69d09cfc7f8e80df4b7e16f8a.exe

Suspicious use of WriteProcessMemory 4 IoCs
description                        pid    Process                                procid_target
PID 2760 wrote to memory of 2544   2760   4ef33de69d09cfc7f8e80df4b7e16f8a.exe   28
PID 2760 wrote to memory of 2544   2760   4ef33de69d09cfc7f8e80df4b7e16f8a.exe   28
PID 2760 wrote to memory of 2544   2760   4ef33de69d09cfc7f8e80df4b7e16f8a.exe   28
PID 2760 wrote to memory of 2544   2760   4ef33de69d09cfc7f8e80df4b7e16f8a.exe   28
Processes

C:\Users\Admin\AppData\Local\Temp\4ef33de69d09cfc7f8e80df4b7e16f8a.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\4ef33de69d09cfc7f8e80df4b7e16f8a.exe"
  - Checks whether UAC is enabled
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2760

  C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 524
    - Program crash
    PID:2544