Analysis

- max time kernel: 42s
- max time network: 45s
- platform: windows7_x64
- resource: win7-20220331-en
- submitted: 04-04-2022 13:49

Tasks

- Static task: static1
- Behavioral task: behavioral1
  - Sample: BLLLLAADDEE.exe
  - Resource: win7-20220331-en (windows7_x64)
  - 0 signatures, 0 seconds
General

- Target: BLLLLAADDEE.exe
- Size: 35KB
- MD5: 0a8d67dc73dadb3aafaa35ba4c522a99
- SHA1: 80ef67fc098bd298cf4d286adaf1e59dbace8211
- SHA256: ccc3111d1efd08344fdaa03990ed7029b09e1a5f014424760b6ae2eae5539829
- SHA512: f768f28c5981a53f36b670dc356bed13c9311c81064f1b36b062731ca4f76a336a81b7f3d447b549198ab8b50bf401a7cc0876575261e3e66cee26f9c88d1b15
- Score: 3/10
Malware Config

(none)

Signatures

- Program crash (1 IoC)
  Processes:
    pid   pid_target   process       target process
    1628  1764         WerFault.exe  BLLLLAADDEE.exe

- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Processes:
    description               pid   process
    Token: SeDebugPrivilege   1764  BLLLLAADDEE.exe

- Suspicious use of WriteProcessMemory (4 IoCs)
  Processes:
    description                         pid   process          target process
    PID 1764 wrote to memory of 1628    1764  BLLLLAADDEE.exe  WerFault.exe
    PID 1764 wrote to memory of 1628    1764  BLLLLAADDEE.exe  WerFault.exe
    PID 1764 wrote to memory of 1628    1764  BLLLLAADDEE.exe  WerFault.exe
    PID 1764 wrote to memory of 1628    1764  BLLLLAADDEE.exe  WerFault.exe
Processes

1. C:\Users\Admin\AppData\Local\Temp\BLLLLAADDEE.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\BLLLLAADDEE.exe"
   - Suspicious use of AdjustPrivilegeToken
   - Suspicious use of WriteProcessMemory

   2. C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 1128
      - Program crash