Analysis
- max time kernel: 121s
- max time network: 123s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 28-04-2024 01:10
Static task: static1
Behavioral task: behavioral1
  Sample: ccb6396aaae2620106b0aa3e7026ccfebc60f5026d3764e692a76e4cfbc4914f.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: ccb6396aaae2620106b0aa3e7026ccfebc60f5026d3764e692a76e4cfbc4914f.exe
  Resource: win10v2004-20240419-en
General
- Target: ccb6396aaae2620106b0aa3e7026ccfebc60f5026d3764e692a76e4cfbc4914f.exe
- Size: 611KB
- MD5: 90ef1b43841cec6ada8456d6001cdfab
- SHA1: f4883709e25e8214a514a5a857d271ed522e2d1e
- SHA256: ccb6396aaae2620106b0aa3e7026ccfebc60f5026d3764e692a76e4cfbc4914f
- SHA512: a64011db120874c49e0fa96cb56c2fe7be520654cfcc45a200f673185911d0d9936998e969f436310ad025fd191fe3901fc60669f9a50a53e99a4c92f1899b4f
- SSDEEP: 12288:3yhaWvkOpKFP5eJBXY2PYMK2A4x3t45Jb+uh1ZaxfJz1+Ce5x5udkBuuQRo:3yXoh6Rwyxt45Jnjaxf11kMLuQRo
Malware Config
Signatures
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Processes:
    description            pid   process
    Token: SeDebugPrivilege  1976  ccb6396aaae2620106b0aa3e7026ccfebc60f5026d3764e692a76e4cfbc4914f.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
    description                        pid   process                                                                   target process
    PID 1976 wrote to memory of 2008   1976  ccb6396aaae2620106b0aa3e7026ccfebc60f5026d3764e692a76e4cfbc4914f.exe  WerFault.exe
    PID 1976 wrote to memory of 2008   1976  ccb6396aaae2620106b0aa3e7026ccfebc60f5026d3764e692a76e4cfbc4914f.exe  WerFault.exe
    PID 1976 wrote to memory of 2008   1976  ccb6396aaae2620106b0aa3e7026ccfebc60f5026d3764e692a76e4cfbc4914f.exe  WerFault.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\ccb6396aaae2620106b0aa3e7026ccfebc60f5026d3764e692a76e4cfbc4914f.exe (depth 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\ccb6396aaae2620106b0aa3e7026ccfebc60f5026d3764e692a76e4cfbc4914f.exe"
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - C:\Windows\system32\WerFault.exe (depth 2)
    Command line: C:\Windows\system32\WerFault.exe -u -p 1976 -s 588
Network
MITRE ATT&CK Matrix
Downloads
- memory/1976-0-0x0000000001220000-0x000000000122A000-memory.dmp (Filesize: 40KB)
- memory/1976-1-0x000007FEF5C30000-0x000007FEF661C000-memory.dmp (Filesize: 9.9MB)
- memory/1976-2-0x000000001AFF0000-0x000000001B070000-memory.dmp (Filesize: 512KB)
- memory/1976-3-0x000007FEF5C30000-0x000007FEF661C000-memory.dmp (Filesize: 9.9MB)
- memory/1976-4-0x000000001AFF0000-0x000000001B070000-memory.dmp (Filesize: 512KB)