800b4455105a08833332092017909f9dd47bd4ebfb1cbddbe0b95658d03b8d64 | Triage

Resubmissions

03/02/2022, 13:26

220203-qpq5cahggm 3

01/02/2022, 11:13

220201-nbqkjsdear 10

01/02/2022, 11:12

220201-na5m3sdeak 10

31/12/2021, 08:31

211231-keqg6sggb4 10

Analysis

max time kernel
118s
max time network
124s
platform
windows7_x64
resource
win7-en-20211208
submitted
01/02/2022, 11:13

Sharing

Report Analysis Logs

General

Target

ConsoleApp7.exe
Size

53KB
MD5

b2993b2a7a1edba14742564de7e85cb2
SHA1

cf7f1085978128cc082aec921d34d6d25e4ab19b
SHA256

800b4455105a08833332092017909f9dd47bd4ebfb1cbddbe0b95658d03b8d64
SHA512

a64951f5026a2f3bb01652bae0267b1d4b88b017a64208bb2e556a755a44e86eab0df33d43e759defe4caefc30693099b74fa1ebac90ff323ac2e555f51d892a

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
916	1608	WerFault.exe	18

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
916	WerFault.exe
916	WerFault.exe
916	WerFault.exe
916	WerFault.exe
916	WerFault.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1608	ConsoleApp7.exe
Token: SeDebugPrivilege	916	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1608 wrote to memory of 916	1608	ConsoleApp7.exe	28
PID 1608 wrote to memory of 916	1608	ConsoleApp7.exe	28
PID 1608 wrote to memory of 916	1608	ConsoleApp7.exe	28
PID 1608 wrote to memory of 916	1608	ConsoleApp7.exe	28

C:\Users\Admin\AppData\Local\Temp\ConsoleApp7.exe
"C:\Users\Admin\AppData\Local\Temp\ConsoleApp7.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1608
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 1076
  2⤵
  - Program crash
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:916

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/916-58-0x0000000000240000-0x00000000002A0000-memory.dmp

Filesize
384KB

Download
memory/1608-54-0x0000000000D40000-0x0000000000D52000-memory.dmp

Filesize
72KB

Download
memory/1608-55-0x0000000075D11000-0x0000000075D13000-memory.dmp

Filesize
8KB

Download
memory/1608-56-0x00000000006A0000-0x00000000006A1000-memory.dmp

Filesize
4KB

Download