Analysis
-
max time kernel
110s -
max time network
50s -
platform
windows7_x64 -
resource
win7v20210408 -
submitted
26-09-2021 14:53
General
-
Target
ad8486d833e43c854bdcfc46cad06eca.exe
-
Size
69KB
-
MD5
ad8486d833e43c854bdcfc46cad06eca
-
SHA1
12c4b312e4c67bc31d6147dd40de1a0dae353821
-
SHA256
ac0ad304ab1e7320f73c544f59addcd0140f15e7b55cf81a9c5a72908a9657d2
-
SHA512
28c50d73b738c2803880c6ca2f7fbc22152949e5b3d0684933ce90a71196be99a2365cb229a0d02b3e56ef4c2ee0bef1b9ac60f08fab32ab72771d8c5d01a9b7
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 5 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ad8486d833e43c854bdcfc46cad06eca.exe"C:\Users\Admin\AppData\Local\Temp\ad8486d833e43c854bdcfc46cad06eca.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 1944 -s 5202⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1944-60-0x0000000000D20000-0x0000000000D21000-memory.dmpFilesize
4KB
-
memory/1944-62-0x00000000002D0000-0x00000000002D1000-memory.dmpFilesize
4KB
-
memory/2016-63-0x0000000000000000-mapping.dmp
-
memory/2016-64-0x000007FEFB891000-0x000007FEFB893000-memory.dmpFilesize
8KB
-
memory/2016-65-0x0000000001E40000-0x0000000001E41000-memory.dmpFilesize
4KB