Analysis
-
max time kernel
119s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system -
submitted
08/03/2024, 14:57 UTC
Static task
static1
Behavioral task
behavioral1
Sample
8588c0c872a004d16455c5f28a4e9c0e8875b10b295f42b93a69a211f5fb9f6f.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
8588c0c872a004d16455c5f28a4e9c0e8875b10b295f42b93a69a211f5fb9f6f.exe
Resource
win10v2004-20240226-en
General
-
Target
8588c0c872a004d16455c5f28a4e9c0e8875b10b295f42b93a69a211f5fb9f6f.exe
-
Size
2.5MB
-
MD5
145fb0a72ca3799c22a451683b0b6d38
-
SHA1
9ee456116c6da2d416b078ecc70008f1682be605
-
SHA256
8588c0c872a004d16455c5f28a4e9c0e8875b10b295f42b93a69a211f5fb9f6f
-
SHA512
566ff9bc201d8fb0552fb9a473a780339b04e7c4d7083f3d18a3fbd705493c4af7a06da7e89e3c4a50e9acb6dd8c5c595511c924a2b1b91b77c3e907be80d68a
-
SSDEEP
49152:vB+dPmenydp6g4OiZrq1DfP+rsNADtV6v+L8uSwiPSCmDS+5uSlVQ:Cuiyd54OiZrq1DfPHNADtV6v+
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target 2096 2764 WerFault.exe 27 -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 2764 8588c0c872a004d16455c5f28a4e9c0e8875b10b295f42b93a69a211f5fb9f6f.exe 2764 8588c0c872a004d16455c5f28a4e9c0e8875b10b295f42b93a69a211f5fb9f6f.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 2764 8588c0c872a004d16455c5f28a4e9c0e8875b10b295f42b93a69a211f5fb9f6f.exe 2764 8588c0c872a004d16455c5f28a4e9c0e8875b10b295f42b93a69a211f5fb9f6f.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2764 wrote to memory of 2096 2764 8588c0c872a004d16455c5f28a4e9c0e8875b10b295f42b93a69a211f5fb9f6f.exe 28 PID 2764 wrote to memory of 2096 2764 8588c0c872a004d16455c5f28a4e9c0e8875b10b295f42b93a69a211f5fb9f6f.exe 28 PID 2764 wrote to memory of 2096 2764 8588c0c872a004d16455c5f28a4e9c0e8875b10b295f42b93a69a211f5fb9f6f.exe 28 PID 2764 wrote to memory of 2096 2764 8588c0c872a004d16455c5f28a4e9c0e8875b10b295f42b93a69a211f5fb9f6f.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\8588c0c872a004d16455c5f28a4e9c0e8875b10b295f42b93a69a211f5fb9f6f.exe"C:\Users\Admin\AppData\Local\Temp\8588c0c872a004d16455c5f28a4e9c0e8875b10b295f42b93a69a211f5fb9f6f.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2764 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 2402⤵
- Program crash
PID:2096
-