Analysis
  max time kernel: 41s
  max time network: 44s
  platform: windows7_x64
  resource: win7-20220331-en
  submitted: 04-04-2022 13:48

  Static task: static1
  Sample: BLLLLAADDEE.exe
  Behavioral task: behavioral1
  Resource: win7-20220331-en (windows7_x64)
  0 signatures
  0 seconds
General
  Target: BLLLLAADDEE.exe
  Size: 35KB
  MD5: 0a8d67dc73dadb3aafaa35ba4c522a99
  SHA1: 80ef67fc098bd298cf4d286adaf1e59dbace8211
  SHA256: ccc3111d1efd08344fdaa03990ed7029b09e1a5f014424760b6ae2eae5539829
  SHA512: f768f28c5981a53f36b670dc356bed13c9311c81064f1b36b062731ca4f76a336a81b7f3d447b549198ab8b50bf401a7cc0876575261e3e66cee26f9c88d1b15
  Score: 3/10
Malware Config
Signatures

  Program crash (1 IoCs)
    Processes:
      pid   pid_target  process       target process
      1292  1804        WerFault.exe  BLLLLAADDEE.exe

  Suspicious use of AdjustPrivilegeToken (1 IoCs)
    Processes:
      description              pid   process
      Token: SeDebugPrivilege  1804  BLLLLAADDEE.exe

  Suspicious use of WriteProcessMemory (4 IoCs)
    Processes:
      description                       pid   process          target process
      PID 1804 wrote to memory of 1292  1804  BLLLLAADDEE.exe  WerFault.exe
      PID 1804 wrote to memory of 1292  1804  BLLLLAADDEE.exe  WerFault.exe
      PID 1804 wrote to memory of 1292  1804  BLLLLAADDEE.exe  WerFault.exe
      PID 1804 wrote to memory of 1292  1804  BLLLLAADDEE.exe  WerFault.exe
Processes

  C:\Users\Admin\AppData\Local\Temp\BLLLLAADDEE.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\BLLLLAADDEE.exe"
    PID: 1804
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory

    C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 1128
      PID: 1292
      - Program crash