Analysis
-
max time kernel
4294090s
-
max time network
14s
-
platform
windows7_x64
-
resource
win7-20220311-en
-
submitted
14-03-2022 19:53
Static task
static1
Behavioral task
behavioral1
Sample
mannzx.exe
Resource
win7-20220311-en
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
mannzx.exe
Resource
win10-20220223-en
windows10_x64
0 signatures
0 seconds
General
-
Target
mannzx.exe
-
Size
37KB
-
MD5
89acff9ec4590de79e9fb5c288f5adb0
-
SHA1
ceb8a931df9c18e5e555afabc92b2fbb0c9ab20a
-
SHA256
456050b3b656fc30777d31163ef1677302f224c4d36bc43dff99ae91fec67d61
-
SHA512
784191035890be46a75a64760c55004271451043f85f3422d8273d29e682adea05bb491014159a2def13fb8255a9cb5bd40d64f17bb15bda41b4c4ec4ab21a90
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exe
pid: 1740; pid_target: 972; process: WerFault.exe; target process: mannzx.exe
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
mannzx.exe
description: Token: SeDebugPrivilege; pid: 972; process: mannzx.exe
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
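mannzx.exe
description: PID 972 wrote to memory of 1740; pid: 972; process: mannzx.exe; target process: WerFault.exe
description: PID 972 wrote to memory of 1740; pid: 972; process: mannzx.exe; target process: WerFault.exe
description: PID 972 wrote to memory of 1740; pid: 972; process: mannzx.exe; target process: WerFault.exe
description: PID 972 wrote to memory of 1740; pid: 972; process: mannzx.exe; target process: WerFault.exe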
Processes
-
C:\Users\Admin\AppData\Local\Temp\mannzx.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\mannzx.exe"
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exe
Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 972 -s 1128
- Program crash
Network
MITRE ATT&CK Matrix
Downloads
-
memory/972-54-0x0000000000090000-0x000000000009E000-memory.dmp
Filesize: 56KB
-
memory/972-55-0x0000000074CE0000-0x00000000753CE000-memory.dmp
Filesize: 6.9MB
-
memory/972-56-0x0000000075B01000-0x0000000075B03000-memory.dmp
Filesize: 8KB
-
memory/972-57-0x0000000004E20000-0x0000000004E21000-memory.dmp
Filesize: 4KB