800b4455105a08833332092017909f9dd47bd4ebfb1cbddbe0b95658d03b8d64 | Triage

Resubmissions

03-02-2022 13:26

220203-qpq5cahggm 3

01-02-2022 11:13

220201-nbqkjsdear 10

01-02-2022 11:12

220201-na5m3sdeak 10

31-12-2021 08:31

211231-keqg6sggb4 10

Analysis

max time kernel
137s
max time network
146s
platform
windows7_x64
resource
win7-en-20211208
submitted
03-02-2022 13:26

Sharing

Report Analysis Logs

General

Target

ConsoleApp7.exe
Size

53KB
MD5

b2993b2a7a1edba14742564de7e85cb2
SHA1

cf7f1085978128cc082aec921d34d6d25e4ab19b
SHA256

800b4455105a08833332092017909f9dd47bd4ebfb1cbddbe0b95658d03b8d64
SHA512

a64951f5026a2f3bb01652bae0267b1d4b88b017a64208bb2e556a755a44e86eab0df33d43e759defe4caefc30693099b74fa1ebac90ff323ac2e555f51d892a

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1224	2016	WerFault.exe	15

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1224	WerFault.exe
1224	WerFault.exe
1224	WerFault.exe
1224	WerFault.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2016	ConsoleApp7.exe
Token: SeDebugPrivilege	1224	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2016 wrote to memory of 1224	2016	ConsoleApp7.exe	29
PID 2016 wrote to memory of 1224	2016	ConsoleApp7.exe	29
PID 2016 wrote to memory of 1224	2016	ConsoleApp7.exe	29
PID 2016 wrote to memory of 1224	2016	ConsoleApp7.exe	29

C:\Users\Admin\AppData\Local\Temp\ConsoleApp7.exe
"C:\Users\Admin\AppData\Local\Temp\ConsoleApp7.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2016
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 1072
  2⤵
  - Program crash
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1224

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1224-58-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download
memory/2016-54-0x0000000000300000-0x0000000000312000-memory.dmp

Filesize
72KB

Download
memory/2016-55-0x0000000075AB1000-0x0000000075AB3000-memory.dmp

Filesize
8KB

Download
memory/2016-56-0x0000000000760000-0x0000000000761000-memory.dmp

Filesize
4KB

Download