Analysis
-
max time kernel
147s -
max time network
120s -
platform
windows7_x64 -
resource
win7-en-20211104 -
submitted
03-12-2021 12:19
General
-
Target
7e3b08163812d6a9ff4e279058f603e5.exe
-
Size
388KB
-
MD5
7e3b08163812d6a9ff4e279058f603e5
-
SHA1
29a1e69c99fadc447a6958c24e45c71127e88d6b
-
SHA256
a6a4c5aaefa51d2f614a6f21e83b64d63e29fb868c8d410dacf317ad220f774a
-
SHA512
7682105ae32834638f77c1c3282bdc3eefc42d922843d12aa346f4c9b2d68269764677b29444953bbff8a9245d2c14416817e879550b170a1921d14366af492b
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7e3b08163812d6a9ff4e279058f603e5.exe"C:\Users\Admin\AppData\Local\Temp\7e3b08163812d6a9ff4e279058f603e5.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1412 -s 6682⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1372-61-0x0000000000000000-mapping.dmp
-
memory/1372-62-0x0000000000420000-0x0000000000421000-memory.dmpFilesize
4KB
-
memory/1412-55-0x00000000009A0000-0x00000000009A1000-memory.dmpFilesize
4KB
-
memory/1412-57-0x0000000075141000-0x0000000075143000-memory.dmpFilesize
8KB
-
memory/1412-58-0x00000000003E0000-0x00000000003E8000-memory.dmpFilesize
32KB
-
memory/1412-59-0x0000000000660000-0x0000000000661000-memory.dmpFilesize
4KB
-
memory/1412-60-0x0000000005110000-0x000000000515B000-memory.dmpFilesize
300KB