Analysis
-
max time kernel
176s -
max time network
198s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system -
submitted
19/10/2022, 15:03
Static task
static1
Behavioral task
behavioral1
Sample
bb7f3eda45f6778f485ba585195cad9cfd7535ea0d5ec26962abafe7034cb706.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
bb7f3eda45f6778f485ba585195cad9cfd7535ea0d5ec26962abafe7034cb706.exe
Resource
win10v2004-20220812-en
General
-
Target
bb7f3eda45f6778f485ba585195cad9cfd7535ea0d5ec26962abafe7034cb706.exe
-
Size
381KB
-
MD5
83003c24123609acdec44b1263f6d66d
-
SHA1
7154c1219a0b151051d930c6cc2063a170425d18
-
SHA256
bb7f3eda45f6778f485ba585195cad9cfd7535ea0d5ec26962abafe7034cb706
-
SHA512
7f562d8bde844bc153e1743487c7594c520a2e44b3d732472a140af534c2b68dea4f18144c893196267ff81d22f13c4e6abc7112a27540324ede6ff61054f535
-
SSDEEP
6144:Gsf/8tS6zpoyWktBnmYAlcw0hvd96/LM69hMNyJwO6:GsX8AYFTtBmYKcD196/oySNyqO6
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target 2880 4676 WerFault.exe 82 -
Suspicious use of AdjustPrivilegeToken 10 IoCs
description pid Process Token: SeShutdownPrivilege 4676 bb7f3eda45f6778f485ba585195cad9cfd7535ea0d5ec26962abafe7034cb706.exe Token: SeCreatePagefilePrivilege 4676 bb7f3eda45f6778f485ba585195cad9cfd7535ea0d5ec26962abafe7034cb706.exe Token: SeShutdownPrivilege 4676 bb7f3eda45f6778f485ba585195cad9cfd7535ea0d5ec26962abafe7034cb706.exe Token: SeCreatePagefilePrivilege 4676 bb7f3eda45f6778f485ba585195cad9cfd7535ea0d5ec26962abafe7034cb706.exe Token: SeShutdownPrivilege 4676 bb7f3eda45f6778f485ba585195cad9cfd7535ea0d5ec26962abafe7034cb706.exe Token: SeCreatePagefilePrivilege 4676 bb7f3eda45f6778f485ba585195cad9cfd7535ea0d5ec26962abafe7034cb706.exe Token: SeShutdownPrivilege 4676 bb7f3eda45f6778f485ba585195cad9cfd7535ea0d5ec26962abafe7034cb706.exe Token: SeCreatePagefilePrivilege 4676 bb7f3eda45f6778f485ba585195cad9cfd7535ea0d5ec26962abafe7034cb706.exe Token: SeShutdownPrivilege 4676 bb7f3eda45f6778f485ba585195cad9cfd7535ea0d5ec26962abafe7034cb706.exe Token: SeCreatePagefilePrivilege 4676 bb7f3eda45f6778f485ba585195cad9cfd7535ea0d5ec26962abafe7034cb706.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 4676 bb7f3eda45f6778f485ba585195cad9cfd7535ea0d5ec26962abafe7034cb706.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\bb7f3eda45f6778f485ba585195cad9cfd7535ea0d5ec26962abafe7034cb706.exe"C:\Users\Admin\AppData\Local\Temp\bb7f3eda45f6778f485ba585195cad9cfd7535ea0d5ec26962abafe7034cb706.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4676 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 4642⤵
- Program crash
PID:2880
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4676 -ip 46761⤵PID:4616