Analysis
- max time kernel: 119s
- max time network: 120s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 24-04-2024 14:38

Static task: static1 (1 signatures)

Behavioral task: behavioral1
- Sample: FATURA PROFORMA.exe
- Resource: win7-20240221-en (windows7-x64)
- 2 signatures
- 150 seconds
General
- Target: FATURA PROFORMA.exe
- Size: 733KB
- MD5: 23e189bd0552c1601a8e0f9ba8d15c86
- SHA1: 4094f42d511ab76f00f62dad7d40d42015e87651
- SHA256: 7468b2db67d7df89dc67b64c6a6a487bc67da85c11e03036b26290d8218101a6
- SHA512: f83e3386b8175359b4b8a6fb9d8e692b1ea427215005064766198fa9667c276117eedff8977a76977604043370d44aa4514605946ae8eb22ec1ef339018c1100
- SSDEEP: 12288:bdFkDzZLeZIasnetaFPWpOiDF/5zGSQVQ/Z9l:bdu/ZoIa6etaFPWpOiDF/Oy3l
- Score: 1/10
Malware Config
Signatures
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  Processes:
  description              pid   process
  Token: SeDebugPrivilege  2820  FATURA PROFORMA.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
  description                       pid   process              target process
  PID 2820 wrote to memory of 2212  2820  FATURA PROFORMA.exe  WerFault.exe
  PID 2820 wrote to memory of 2212  2820  FATURA PROFORMA.exe  WerFault.exe
  PID 2820 wrote to memory of 2212  2820  FATURA PROFORMA.exe  WerFault.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\ FATURA PROFORMA.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\ FATURA PROFORMA.exe"
  PID: 2820
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - C:\Windows\system32\WerFault.exe
    Command line: C:\Windows\system32\WerFault.exe -u -p 2820 -s 536
    PID: 2212