Analysis

  • max time kernel
    136s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-en
  • submitted
    15-09-2021 06:55

General

  • Target

    a6fc0d48408d69e288d47a21659176f1.exe

  • Size

    841KB

  • MD5

    a6fc0d48408d69e288d47a21659176f1

  • SHA1

    dec8694a310328e062aeec260b84792f0ac11250

  • SHA256

    4e86e4ab9e20e94144838555a5e28d455f8998142d53a46f659cc9d07b2f458d

  • SHA512

    903a2f49b5bc8371ff4cd8bd10b9c49f1258293ca55c450aca5661b6c93d44ca811eb716afb14df620d40c1daae80f115dc5a31c494b7d14165d77c526a9a980

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a6fc0d48408d69e288d47a21659176f1.exe
    "C:\Users\Admin\AppData\Local\Temp\a6fc0d48408d69e288d47a21659176f1.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1476
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 176
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      PID:1728

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1476-53-0x0000000076071000-0x0000000076073000-memory.dmp
    Filesize

    8KB

  • memory/1476-54-0x00000000003B0000-0x00000000003B1000-memory.dmp
    Filesize

    4KB

  • memory/1728-55-0x0000000000000000-mapping.dmp
  • memory/1728-57-0x0000000000A50000-0x0000000000A51000-memory.dmp
    Filesize

    4KB