Analysis
max time kernel: 150s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29/02/2024, 03:10
Behavioral task: behavioral1
Sample: ad8a07c2d7f23ccc50e6691b934e7a1b.exe
Resource: win7-20240221-en
0 signatures
150 seconds
Behavioral task: behavioral2
Sample: ad8a07c2d7f23ccc50e6691b934e7a1b.exe
Resource: win10v2004-20240226-en
2 signatures
150 seconds
General
Target: ad8a07c2d7f23ccc50e6691b934e7a1b.exe
Size: 389KB
MD5: ad8a07c2d7f23ccc50e6691b934e7a1b
SHA1: 4a1083ccdb8973f83b9b6d7afa81796e0d8af679
SHA256: e763eed681cebe84674824a0486f0a56673d60fe43960b1a5ba70aec5d025d8d
SHA512: bd07adb4403f051536aa9a59d2416a1b28158642c7ae6fb0110640014c7f2071fc47b7601f5f856927255a9844a75d477a890f058338b9a4f381123d07c9083e
SSDEEP: 6144:grGYselHBo0ZzIoXRlHuIqMbvnb/wKemHg1BakKJz2+Dwfi+a8AD/XoAupX7O7:c5hxH3OXQbTeKkKJzFDAil86/XRCG
Score: 5/10
Malware Config
Signatures
Suspicious use of NtSetInformationThreadHideFromDebugger (1 IoCs)
  pid   Process
  860   ad8a07c2d7f23ccc50e6691b934e7a1b.exe
Program crash (2 IoCs)
  pid    pid_target   Process        procid_target
  2456   860          WerFault.exe   44
  368    860          WerFault.exe   44
Processes
"C:\Users\Admin\AppData\Local\Temp\ad8a07c2d7f23ccc50e6691b934e7a1b.exe" (PID: 860)
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  C:\Windows\SysWOW64\WerFault.exe -u -p 860 -s 220 (PID: 2456)
    - Program crash
  C:\Windows\SysWOW64\WerFault.exe -u -p 860 -s 140 (PID: 368)
    - Program crash
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 860 -ip 860 (PID: 548)
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 860 -ip 860 (PID: 1168)