Analysis
-
max time kernel
119s -
max time network
120s -
platform
windows7_x64 -
resource
win7-en-20211014 -
submitted
01-12-2021 13:38
General
-
Target
.winlogon.exe
-
Size
775KB
-
MD5
6e2d47ac54d18c964c90915a010dc6fb
-
SHA1
fe3feb8c8a884f3bef05c4208db9569962dfed06
-
SHA256
ef44665a6222b35530d4bb9614ecb283c87dc3f32e1a054778ff50735a4abfe0
-
SHA512
ed690ba47d9460d6c5512fd827b45c638db13db2b87c063cddc54f249523c870df2438603acf033af73165db7107b9fcd319f550f345e1ab0e596c870a1ee7bc
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 5 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\.winlogon.exe"C:\Users\Admin\AppData\Local\Temp\.winlogon.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 7122⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/592-55-0x0000000000180000-0x0000000000181000-memory.dmpFilesize
4KB
-
memory/592-57-0x0000000075AC1000-0x0000000075AC3000-memory.dmpFilesize
8KB
-
memory/592-58-0x0000000004D70000-0x0000000004D71000-memory.dmpFilesize
4KB
-
memory/592-59-0x0000000000380000-0x0000000000386000-memory.dmpFilesize
24KB
-
memory/592-60-0x0000000007E50000-0x0000000007EDF000-memory.dmpFilesize
572KB
-
memory/1488-61-0x0000000000000000-mapping.dmp
-
memory/1488-62-0x0000000000590000-0x0000000000591000-memory.dmpFilesize
4KB