Analysis

  • max time kernel
    176s
  • max time network
    198s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/10/2022, 15:03

General

  • Target

    bb7f3eda45f6778f485ba585195cad9cfd7535ea0d5ec26962abafe7034cb706.exe

  • Size

    381KB

  • MD5

    83003c24123609acdec44b1263f6d66d

  • SHA1

    7154c1219a0b151051d930c6cc2063a170425d18

  • SHA256

    bb7f3eda45f6778f485ba585195cad9cfd7535ea0d5ec26962abafe7034cb706

  • SHA512

    7f562d8bde844bc153e1743487c7594c520a2e44b3d732472a140af534c2b68dea4f18144c893196267ff81d22f13c4e6abc7112a27540324ede6ff61054f535

  • SSDEEP

    6144:Gsf/8tS6zpoyWktBnmYAlcw0hvd96/LM69hMNyJwO6:GsX8AYFTtBmYKcD196/oySNyqO6

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 10 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bb7f3eda45f6778f485ba585195cad9cfd7535ea0d5ec26962abafe7034cb706.exe
    "C:\Users\Admin\AppData\Local\Temp\bb7f3eda45f6778f485ba585195cad9cfd7535ea0d5ec26962abafe7034cb706.exe"
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:4676
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 464
      • Program crash
      PID:2880
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4676 -ip 4676
    PID:4616

Network

MITRE ATT&CK Matrix
