Resubmissions

Submitted           Task ID              Score
03-02-2022 13:26    220203-qpq5cahggm    3
01-02-2022 11:13    220201-nbqkjsdear    10
01-02-2022 11:12    220201-na5m3sdeak    10
31-12-2021 08:31    211231-keqg6sggb4    10

Analysis
Max time kernel: 118s
Max time network: 124s
Platform: windows7_x64
Resource: win7-en-20211208
Submitted: 01-02-2022 11:13
Static task: static1

Behavioral task: behavioral1
  Sample: ConsoleApp7.exe
  Resource: win7-en-20211208 (windows7_x64)
  0 signatures, 0 seconds

Behavioral task: behavioral2
  Sample: ConsoleApp7.exe
  Resource: win10v2004-en-20220112 (windows10-2004_x64)
  0 signatures, 0 seconds
General

Target: ConsoleApp7.exe
Size: 53KB
MD5: b2993b2a7a1edba14742564de7e85cb2
SHA1: cf7f1085978128cc082aec921d34d6d25e4ab19b
SHA256: 800b4455105a08833332092017909f9dd47bd4ebfb1cbddbe0b95658d03b8d64
SHA512: a64951f5026a2f3bb01652bae0267b1d4b88b017a64208bb2e556a755a44e86eab0df33d43e759defe4caefc30693099b74fa1ebac90ff323ac2e555f51d892a
Score: 3/10
Malware Config
Signatures

Program crash (1 IoC)
Processes:
  pid    pid_target    process         target process
  916    1608          WerFault.exe    ConsoleApp7.exe

Suspicious behavior: EnumeratesProcesses (5 IoCs)
Processes:
  pid    process
  916    WerFault.exe
  916    WerFault.exe
  916    WerFault.exe
  916    WerFault.exe
  916    WerFault.exe

Suspicious use of AdjustPrivilegeToken (2 IoCs)
Processes:
  description                pid     process
  Token: SeDebugPrivilege    1608    ConsoleApp7.exe
  Token: SeDebugPrivilege    916     WerFault.exe

Suspicious use of WriteProcessMemory (4 IoCs)
Processes:
  description                          pid     process            target process
  PID 1608 wrote to memory of 916      1608    ConsoleApp7.exe    WerFault.exe
  PID 1608 wrote to memory of 916      1608    ConsoleApp7.exe    WerFault.exe
  PID 1608 wrote to memory of 916      1608    ConsoleApp7.exe    WerFault.exe
  PID 1608 wrote to memory of 916      1608    ConsoleApp7.exe    WerFault.exe
Processes

C:\Users\Admin\AppData\Local\Temp\ConsoleApp7.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\ConsoleApp7.exe"
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory

  C:\Windows\SysWOW64\WerFault.exe (child of ConsoleApp7.exe)
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 1076
    - Program crash
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Downloads

memory/916-58-0x0000000000240000-0x00000000002A0000-memory.dmp    Filesize: 384KB
memory/1608-54-0x0000000000D40000-0x0000000000D52000-memory.dmp   Filesize: 72KB
memory/1608-55-0x0000000075D11000-0x0000000075D13000-memory.dmp   Filesize: 8KB
memory/1608-56-0x00000000006A0000-0x00000000006A1000-memory.dmp   Filesize: 4KB