Analysis
-
max time kernel
118s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
28/04/2024, 05:07 UTC
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
2024-04-28_e7777778df20c690cdcf650546a38da8_virlock.exe
Resource
win7-20240221-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
2024-04-28_e7777778df20c690cdcf650546a38da8_virlock.exe
Resource
win10v2004-20240419-en
1 signatures
150 seconds
General
-
Target
2024-04-28_e7777778df20c690cdcf650546a38da8_virlock.exe
-
Size
111KB
-
MD5
e7777778df20c690cdcf650546a38da8
-
SHA1
14c783f4b5f389a2278d0f4277de70034f4b8603
-
SHA256
8b9643e07d6d5a6696481973113dedb7b882e515c3c6fed3aab97defee145b6b
-
SHA512
f7e1905e8470848a39e83d92d3e0e0b6b82dddf17c679db6b67adeac4f63df2405a19ca5e6ff0a4894505f90684df6a525d343144423e1ea35bdb6c25bcdf754
-
SSDEEP
3072:hSZCjCBRk4PHX1tnVfgE36CFznSgrVhAqeP:hZCBJHX1pVJ6sznSwVhfe
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target 356 2384 WerFault.exe 27 -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2384 wrote to memory of 356 2384 2024-04-28_e7777778df20c690cdcf650546a38da8_virlock.exe 28 PID 2384 wrote to memory of 356 2384 2024-04-28_e7777778df20c690cdcf650546a38da8_virlock.exe 28 PID 2384 wrote to memory of 356 2384 2024-04-28_e7777778df20c690cdcf650546a38da8_virlock.exe 28 PID 2384 wrote to memory of 356 2384 2024-04-28_e7777778df20c690cdcf650546a38da8_virlock.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-28_e7777778df20c690cdcf650546a38da8_virlock.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-28_e7777778df20c690cdcf650546a38da8_virlock.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2384 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 362⤵
- Program crash
PID:356
-