Analysis
-
max time kernel
137s -
max time network
130s -
platform
windows7_x64 -
resource
win7-en-20211208 -
submitted
03-02-2022 08:05
General
-
Target
d2f181221ba9049c02ed7283c9144c7c.exe
-
Size
1.7MB
-
MD5
d2f181221ba9049c02ed7283c9144c7c
-
SHA1
b4ed1b4714112d5fc3c7b4673e19ed26ae4c6e85
-
SHA256
f47db48129530cf19f3c42f0c9f38ce1915f403469483661999dc2b19e12650b
-
SHA512
ab0b9a029489f6b3a091c7823b5523ea3cfd8677b32eddd48ba7e64694e4146c3292589d9d09bd0cc5908c9d86c830ee21e75f8712e6f3a2cba2cfd853f372a1
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 5 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d2f181221ba9049c02ed7283c9144c7c.exe"C:\Users\Admin\AppData\Local\Temp\d2f181221ba9049c02ed7283c9144c7c.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 744 -s 12682⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/744-54-0x0000000000D80000-0x0000000000F42000-memory.dmpFilesize
1.8MB
-
memory/744-55-0x000000001B140000-0x000000001B142000-memory.dmpFilesize
8KB
-
memory/792-56-0x000007FEFBE91000-0x000007FEFBE93000-memory.dmpFilesize
8KB
-
memory/792-57-0x0000000001CE0000-0x0000000001CE1000-memory.dmpFilesize
4KB