Analysis
-
max time kernel
7s -
max time network
72s -
platform
windows7_x64 -
resource
win7v20201028 -
submitted
22-01-2021 10:13
General
-
Target
SecuriteInfo.com.Artemis326CF1417127.2024.exe
-
Size
20KB
-
MD5
326cf1417127868c96d367f522a0b260
-
SHA1
238b48e5544d5654fadfaa25a2a55b024452ad6b
-
SHA256
9d694e2995af1dbbf8f6dda2eb0cdcb80428269918a9d47b8833d98536194c41
-
SHA512
732a70a05db0e21cf95667624721a79cb648fc716a52210a803b7e8ecc23145b9a76b23041af67390def445512a4185d29ff0b0afb55da925fd1c2c913fd9a12
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 5 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Artemis326CF1417127.2024.exe"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Artemis326CF1417127.2024.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 10562⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1636-2-0x00000000746F0000-0x0000000074DDE000-memory.dmpFilesize
6.9MB
-
memory/1636-3-0x00000000003F0000-0x00000000003F1000-memory.dmpFilesize
4KB
-
memory/1636-5-0x0000000000430000-0x0000000000431000-memory.dmpFilesize
4KB
-
memory/1636-6-0x00000000004B0000-0x00000000004D5000-memory.dmpFilesize
148KB
-
memory/1728-7-0x0000000000000000-mapping.dmp
-
memory/1728-8-0x0000000001F80000-0x0000000001F91000-memory.dmpFilesize
68KB
-
memory/1728-9-0x0000000000550000-0x0000000000551000-memory.dmpFilesize
4KB