Resubmissions
03-02-2022 13:26
220203-qpq5cahggm 301-02-2022 11:13
220201-nbqkjsdear 1001-02-2022 11:12
220201-na5m3sdeak 1031-12-2021 08:31
211231-keqg6sggb4 10Analysis
-
max time kernel
137s -
max time network
146s -
platform
windows7_x64 -
resource
win7-en-20211208 -
submitted
03-02-2022 13:26
General
-
Target
ConsoleApp7.exe
-
Size
53KB
-
MD5
b2993b2a7a1edba14742564de7e85cb2
-
SHA1
cf7f1085978128cc082aec921d34d6d25e4ab19b
-
SHA256
800b4455105a08833332092017909f9dd47bd4ebfb1cbddbe0b95658d03b8d64
-
SHA512
a64951f5026a2f3bb01652bae0267b1d4b88b017a64208bb2e556a755a44e86eab0df33d43e759defe4caefc30693099b74fa1ebac90ff323ac2e555f51d892a
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ConsoleApp7.exe"C:\Users\Admin\AppData\Local\Temp\ConsoleApp7.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 10722⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1224-58-0x0000000000330000-0x0000000000331000-memory.dmpFilesize
4KB
-
memory/2016-54-0x0000000000300000-0x0000000000312000-memory.dmpFilesize
72KB
-
memory/2016-55-0x0000000075AB1000-0x0000000075AB3000-memory.dmpFilesize
8KB
-
memory/2016-56-0x0000000000760000-0x0000000000761000-memory.dmpFilesize
4KB