Resubmissions
03-02-2022 13:26
220203-qpq5cahggm 301-02-2022 11:13
220201-nbqkjsdear 1001-02-2022 11:12
220201-na5m3sdeak 1031-12-2021 08:31
211231-keqg6sggb4 10Analysis
-
max time kernel
118s -
max time network
124s -
platform
windows7_x64 -
resource
win7-en-20211208 -
submitted
01-02-2022 11:13
General
-
Target
ConsoleApp7.exe
-
Size
53KB
-
MD5
b2993b2a7a1edba14742564de7e85cb2
-
SHA1
cf7f1085978128cc082aec921d34d6d25e4ab19b
-
SHA256
800b4455105a08833332092017909f9dd47bd4ebfb1cbddbe0b95658d03b8d64
-
SHA512
a64951f5026a2f3bb01652bae0267b1d4b88b017a64208bb2e556a755a44e86eab0df33d43e759defe4caefc30693099b74fa1ebac90ff323ac2e555f51d892a
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 5 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ConsoleApp7.exe"C:\Users\Admin\AppData\Local\Temp\ConsoleApp7.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 10762⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/916-58-0x0000000000240000-0x00000000002A0000-memory.dmpFilesize
384KB
-
memory/1608-54-0x0000000000D40000-0x0000000000D52000-memory.dmpFilesize
72KB
-
memory/1608-55-0x0000000075D11000-0x0000000075D13000-memory.dmpFilesize
8KB
-
memory/1608-56-0x00000000006A0000-0x00000000006A1000-memory.dmpFilesize
4KB