Analysis
- max time kernel: 7s
- max time network: 72s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 22-01-2021 10:13
Static task: static1

Behavioral task: behavioral1
- Sample: SecuriteInfo.com.Artemis326CF1417127.2024.exe
- Resource: win7v20201028 (windows7_x64)
- 0 signatures, 0 seconds

Behavioral task: behavioral2
- Sample: SecuriteInfo.com.Artemis326CF1417127.2024.exe
- Resource: win10v20201028 (windows10_x64)
- 0 signatures, 0 seconds
General
- Target: SecuriteInfo.com.Artemis326CF1417127.2024.exe
- Size: 20KB
- MD5: 326cf1417127868c96d367f522a0b260
- SHA1: 238b48e5544d5654fadfaa25a2a55b024452ad6b
- SHA256: 9d694e2995af1dbbf8f6dda2eb0cdcb80428269918a9d47b8833d98536194c41
- SHA512: 732a70a05db0e21cf95667624721a79cb648fc716a52210a803b7e8ecc23145b9a76b23041af67390def445512a4185d29ff0b0afb55da925fd1c2c913fd9a12
- Score: 3/10
Malware Config
Signatures
- Program crash (1 IoC)
  Processes:
    pid   pid_target  process       target process
    1728  1636        WerFault.exe  SecuriteInfo.com.Artemis326CF1417127.2024.exe
- Suspicious behavior: EnumeratesProcesses (5 IoCs)
  Processes:
    pid   process
    1728  WerFault.exe
    1728  WerFault.exe
    1728  WerFault.exe
    1728  WerFault.exe
    1728  WerFault.exe
- Suspicious use of AdjustPrivilegeToken (2 IoCs)
  Processes:
    description              pid   process
    Token: SeDebugPrivilege  1636  SecuriteInfo.com.Artemis326CF1417127.2024.exe
    Token: SeDebugPrivilege  1728  WerFault.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  Processes:
    description                       pid   process                                         target process
    PID 1636 wrote to memory of 1728  1636  SecuriteInfo.com.Artemis326CF1417127.2024.exe  WerFault.exe
    PID 1636 wrote to memory of 1728  1636  SecuriteInfo.com.Artemis326CF1417127.2024.exe  WerFault.exe
    PID 1636 wrote to memory of 1728  1636  SecuriteInfo.com.Artemis326CF1417127.2024.exe  WerFault.exe
    PID 1636 wrote to memory of 1728  1636  SecuriteInfo.com.Artemis326CF1417127.2024.exe  WerFault.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Artemis326CF1417127.2024.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Artemis326CF1417127.2024.exe"
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\WerFault.exe (child process)
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 1056
    - Program crash
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Downloads
- memory/1636-2-0x00000000746F0000-0x0000000074DDE000-memory.dmp (Filesize: 6.9MB)
- memory/1636-3-0x00000000003F0000-0x00000000003F1000-memory.dmp (Filesize: 4KB)
- memory/1636-5-0x0000000000430000-0x0000000000431000-memory.dmp (Filesize: 4KB)
- memory/1636-6-0x00000000004B0000-0x00000000004D5000-memory.dmp (Filesize: 148KB)
- memory/1728-7-0x0000000000000000-mapping.dmp
- memory/1728-8-0x0000000001F80000-0x0000000001F91000-memory.dmp (Filesize: 68KB)
- memory/1728-9-0x0000000000550000-0x0000000000551000-memory.dmp (Filesize: 4KB)