8b9643e07d6d5a6696481973113dedb7b882e515c3c6fed3aab97defee145b6b

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/04/2024, 05:07 UTC

Target

2024-04-28_e7777778df20c690cdcf650546a38da8_virlock.exe
Size

111KB
MD5

e7777778df20c690cdcf650546a38da8
SHA1

14c783f4b5f389a2278d0f4277de70034f4b8603
SHA256

8b9643e07d6d5a6696481973113dedb7b882e515c3c6fed3aab97defee145b6b
SHA512

f7e1905e8470848a39e83d92d3e0e0b6b82dddf17c679db6b67adeac4f63df2405a19ca5e6ff0a4894505f90684df6a525d343144423e1ea35bdb6c25bcdf754
SSDEEP

3072:hSZCjCBRk4PHX1tnVfgE36CFznSgrVhAqeP:hZCBJHX1pVJ6sznSwVhfe

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
356	2384	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2384 wrote to memory of 356	2384	2024-04-28_e7777778df20c690cdcf650546a38da8_virlock.exe	28
PID 2384 wrote to memory of 356	2384	2024-04-28_e7777778df20c690cdcf650546a38da8_virlock.exe	28
PID 2384 wrote to memory of 356	2384	2024-04-28_e7777778df20c690cdcf650546a38da8_virlock.exe	28
PID 2384 wrote to memory of 356	2384	2024-04-28_e7777778df20c690cdcf650546a38da8_virlock.exe	28

C:\Users\Admin\AppData\Local\Temp\2024-04-28_e7777778df20c690cdcf650546a38da8_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-28_e7777778df20c690cdcf650546a38da8_virlock.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2384
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 36
  2⤵
  - Program crash
  PID:356

memory/2384-0-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download