Analysis
- max time kernel: 42s
- max time network: 45s
- platform: windows7_x64
- resource: win7-20220414-en
- submitted: 10/05/2022, 12:37
Static task: static1
Behavioral task: behavioral1
- Sample: f1e6bf4d43ee2975292f57112c8fcb5d.exe
- Resource: win7-20220414-en
- 0 signatures
- 0 seconds
General
- Target: f1e6bf4d43ee2975292f57112c8fcb5d.exe
- Size: 264KB
- MD5: f1e6bf4d43ee2975292f57112c8fcb5d
- SHA1: 6c52c3a0707c3f9fe78ef47993e5ba6a854ff0b1
- SHA256: d7c1130bfed2081ab246aa229e524dd38eb91b22af6db68ddb89f1c760379d9a
- SHA512: fdf0b02c3e2bef352b46880a88960d51e30f6132351064087c557ec6a96498905d7eb316e81d047d8988e1de9da715082617a999bdd239fc712c8c9b17d61656
- Score: 3/10
Malware Config
Signatures

Program crash (1 IoCs)

| pid | pid_target | Process | procid_target |
| --- | --- | --- | --- |
| 1304 | 880 | WerFault.exe | 26 |

Suspicious use of AdjustPrivilegeToken (1 IoCs)

| description | pid | Process |
| --- | --- | --- |
| Token: SeDebugPrivilege | 880 | f1e6bf4d43ee2975292f57112c8fcb5d.exe |

Suspicious use of WriteProcessMemory (4 IoCs)

| description | pid | Process | procid_target |
| --- | --- | --- | --- |
| PID 880 wrote to memory of 1304 | 880 | f1e6bf4d43ee2975292f57112c8fcb5d.exe | 27 |
| PID 880 wrote to memory of 1304 | 880 | f1e6bf4d43ee2975292f57112c8fcb5d.exe | 27 |
| PID 880 wrote to memory of 1304 | 880 | f1e6bf4d43ee2975292f57112c8fcb5d.exe | 27 |
| PID 880 wrote to memory of 1304 | 880 | f1e6bf4d43ee2975292f57112c8fcb5d.exe | 27 |
Processes
- C:\Users\Admin\AppData\Local\Temp\f1e6bf4d43ee2975292f57112c8fcb5d.exe (PID 880)
  Command line: "C:\Users\Admin\AppData\Local\Temp\f1e6bf4d43ee2975292f57112c8fcb5d.exe"
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\WerFault.exe (PID 1304)
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 1132
    - Program crash