ce67dd2cbfbc22d1ee45c2429da775036c0894f72021df6ab0eb849e96e29daf | Triage

Analysis

max time kernel
45s
max time network
79s
platform
windows7_x64
resource
win7-20220414-en
submitted
21-06-2022 09:13

Sharing

Report Analysis Logs

General

Target

Mqidfbn.exe
Size

62KB
MD5

fa78ece109e579e23450df0e22125016
SHA1

f8a67ae477d06f287c1186fae9e8c5e51ca2f751
SHA256

ce67dd2cbfbc22d1ee45c2429da775036c0894f72021df6ab0eb849e96e29daf
SHA512

1b20859efaa4eac89b405873fac634839c5b9ade6d2aa53c7b329ae5d1b8b1da9eccc4f1411ccfff82c24347697dc1ea46c24f88a9da2f69c14b90bab5882522

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1452	1080	WerFault.exe	26

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1080	Mqidfbn.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1080 wrote to memory of 1452	1080	Mqidfbn.exe	27
PID 1080 wrote to memory of 1452	1080	Mqidfbn.exe	27
PID 1080 wrote to memory of 1452	1080	Mqidfbn.exe	27
PID 1080 wrote to memory of 1452	1080	Mqidfbn.exe	27

C:\Users\Admin\AppData\Local\Temp\Mqidfbn.exe
"C:\Users\Admin\AppData\Local\Temp\Mqidfbn.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1080
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 1612
  2⤵
  - Program crash
  PID:1452

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1080-54-0x0000000000190000-0x00000000001A6000-memory.dmp

Filesize
88KB

Download
memory/1080-55-0x00000000752D1000-0x00000000752D3000-memory.dmp

Filesize
8KB

Download