Overview

overview

3

Static

static

winprofile

windows7-x64

1

winprofile

windows10-1703-x64

3

Resubmissions

16-10-2022 11:14

221016-nchlbshdap 3

16-10-2022 10:56

221016-m1636ahda5 3

Analysis

  • max time kernel
    52s
  • max time network
    264s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    16-10-2022 10:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    65d79bcb58181b00759331f73e95c8eb2f1f44727f8073e09facb3994a2d1ef2.exe

  • Size

    3.4MB

  • MD5

    48fb8c36c0b9b03ccb49d9e4387fc0de

  • SHA1

    cff8a2e11db4326d0dc58cab66da1cf9cc806b99

  • SHA256

    65d79bcb58181b00759331f73e95c8eb2f1f44727f8073e09facb3994a2d1ef2

  • SHA512

    9d439b057fd65f49d5d7a52f446734464d347ace672724664d163a66cd4fca7967717d2ec930ec518d3212a9e0c822e31c5ec39097d77d7166ecd11a81601985

  • SSDEEP

    98304:1U3BhUKvDlARLczii8hKNIBFeKpAoVDkMQ26uYEAZVnXlTv:1KB/vDSRLcuFheCFLpvql2fOnXlb

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\65d79bcb58181b00759331f73e95c8eb2f1f44727f8073e09facb3994a2d1ef2.exe
    "C:\Users\Admin\AppData\Local\Temp\65d79bcb58181b00759331f73e95c8eb2f1f44727f8073e09facb3994a2d1ef2.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3900
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 3900 -s 1820
      2⤵
      • Program crash
      PID:3568

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3900-116-0x0000014F51B20000-0x0000014F51E80000-memory.dmp

    Filesize

    3.4MB

    Download

  • memory/3900-117-0x0000014F6C270000-0x0000014F6C54E000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/3900-118-0x0000014F6FDD0000-0x0000014F700A4000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/3900-119-0x0000014F700A0000-0x0000014F702B0000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3900-120-0x0000014F6C890000-0x0000014F6C8A2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3900-121-0x0000014F70780000-0x0000014F70C4A000-memory.dmp

    Filesize

    4.8MB

    Download

  • memory/3900-122-0x00007FFDFC3C0000-0x00007FFDFC59B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3900-123-0x00007FFDFC3C0000-0x00007FFDFC59B000-memory.dmp

    Filesize

    1.9MB

    Download