Analysis
- max time kernel: 149s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 05/03/2024, 01:04
Behavioral task: behavioral1
- Sample: b363b473b5e2262c0ffdd5f5786402ad.exe
- Resource: win7-20240221-en
- 0 signatures
- 150 seconds
Behavioral task: behavioral2
- Sample: b363b473b5e2262c0ffdd5f5786402ad.exe
- Resource: win10v2004-20240226-en
- 2 signatures
- 150 seconds
General
- Target: b363b473b5e2262c0ffdd5f5786402ad.exe
- Size: 248KB
- MD5: b363b473b5e2262c0ffdd5f5786402ad
- SHA1: b9e983d9fba87ab19e3b8942918a3dd4783ee9c4
- SHA256: fd26d0653a47e24c6373096fe3d413d2f86ade515b4100a425283045b56ed3ca
- SHA512: af2a089bb5f5a5fca391d9e90d29fb9347badae3d8b6c23711f877ef7efad2e888df2b8415dbe895f457990ca0822983ba8d6e56ae44633664a509c5d618a3c8
- SSDEEP: 6144:wMAG+etgKfz8LeSC1EbTLCpJqCx3P9UWcIN7686WbN:tANetgKr8LJ9bTLCjqCxf9U6NW2
Score
5/10
Malware Config
Signatures
- Suspicious use of NtSetInformationThreadHideFromDebugger (1 IoCs)
  pid   Process
  2076  b363b473b5e2262c0ffdd5f5786402ad.exe
- Program crash (2 IoCs)
  pid   pid_target  Process       procid_target
  728   2076        WerFault.exe  87
  1784  2076        WerFault.exe  87
Processes
- "C:\Users\Admin\AppData\Local\Temp\b363b473b5e2262c0ffdd5f5786402ad.exe"
  PID:2076
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 220
    PID:728
    - Program crash
  - C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 152
    PID:1784
    - Program crash
- C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2076 -ip 2076
  PID:3944
- C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 2076 -ip 2076
  PID:2544