465d594fb1f67449a8cbc509a96e81f888f2d399ca91abab79ca881ba6c6118d

Analysis

max time kernel
119s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
14/03/2024, 08:42

Target

2024-03-14_bc573ae526a48058c1c446010a0eb4e2_virlock.exe
Size

109KB
MD5

bc573ae526a48058c1c446010a0eb4e2
SHA1

ed8393e1e488240727a4ff6ec5a0540b17a04030
SHA256

465d594fb1f67449a8cbc509a96e81f888f2d399ca91abab79ca881ba6c6118d
SHA512

5f94682df5346aee984f2dc819c7cdec87705f05fcabc043e79a6d32c0b444f3ae91cb1933aeac685de229272642938b39780ba53ec26120dbd31b8a8af9465a
SSDEEP

3072:lBoRLvFsEDAYQQQbDcXOVnPXo9lXP1GQMmPa1w3kQxwR:lBoxvFvDlQQQkiXo9lXP1GQMmyyUQ

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3056	1548	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1548 wrote to memory of 3056	1548	2024-03-14_bc573ae526a48058c1c446010a0eb4e2_virlock.exe	28
PID 1548 wrote to memory of 3056	1548	2024-03-14_bc573ae526a48058c1c446010a0eb4e2_virlock.exe	28
PID 1548 wrote to memory of 3056	1548	2024-03-14_bc573ae526a48058c1c446010a0eb4e2_virlock.exe	28
PID 1548 wrote to memory of 3056	1548	2024-03-14_bc573ae526a48058c1c446010a0eb4e2_virlock.exe	28

C:\Users\Admin\AppData\Local\Temp\2024-03-14_bc573ae526a48058c1c446010a0eb4e2_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-03-14_bc573ae526a48058c1c446010a0eb4e2_virlock.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1548
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 36
  2⤵
  - Program crash
  PID:3056

memory/1548-0-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download