Analysis

  • max time kernel
    47s
  • max time network
    52s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted
    08-11-2022 10:47

General

  • Target

    SecuriteInfo.com.W32.MSIL_Agent.DSJ.gen.Eldorado.11406.11467.exe

  • Size

    22KB

  • MD5

    1310646bc42b16eb07ffe30fe7ffc2cc

  • SHA1

    9b24e599bfdb6ea1f31594400b155daba1e33c5f

  • SHA256

    8a07f89b4dee439c3440a9aea91436c3d73f0e07504a0b841b9ac56cb423aca0

  • SHA512

    b2ebbb5a836c3ea5c00ba84272b9463d30eded1e955eace75b15f4f1431c5f421b64b40d6cc568ab417358a83fa5c5a0fa4592c33a19c195f69f64764cb017ca

  • SSDEEP

    384:ftxafuqsQniJnOUYjxJhT7KSENddXLH51NnnjLYbjmjI:fdoKnXLH51NnnkyjI

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.MSIL_Agent.DSJ.gen.Eldorado.11406.11467.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.MSIL_Agent.DSJ.gen.Eldorado.11406.11467.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1552
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 1136
      2⤵
      • Program crash
      PID:588

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1552-54-0x0000000000800000-0x000000000080A000-memory.dmp

    Filesize

    40KB

  • memory/1552-55-0x0000000075681000-0x0000000075683000-memory.dmp

    Filesize

    8KB
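Two consistency checks a triager would run on the entries above, written here as an added Python example rather than anything taken from the sandbox report or its tooling. The process-tree and dump entries are copied from this page; the helper names (`parse_dump_name`, `check_dump_sizes`, `werfault_crashed_pid`, `crashed_processes`) are my own. The first check confirms that each memory dump's listed size equals the address range encoded in its file name (0x80A000 - 0x800000 = 40 KB, 0x75683000 - 0x75681000 = 8 KB). The second ties the "Program crash" signature back to the sample by reading the `-p <pid>` argument of the WerFault.exe child and confirming it names the parent process, which is what tells you the sample itself faulted rather than something it launched.

```python
import re

# Entries below are copied from the report above (not constructed data).
PROCESSES = [
    {"pid": 1552, "parent": None,
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.MSIL_Agent.DSJ.gen.Eldorado.11406.11467.exe"'},
    {"pid": 588, "parent": 1552,
     "cmdline": r"C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 1136"},
]

# (dump file name, size as listed in the report, in bytes)
DUMPS = [
    ("memory/1552-54-0x0000000000800000-0x000000000080A000-memory.dmp", 40 * 1024),
    ("memory/1552-55-0x0000000075681000-0x0000000075683000-memory.dmp", 8 * 1024),
]

# Dump names follow memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp on this page.
DUMP_NAME = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


def parse_dump_name(name):
    """Split a dump file name into PID, dump sequence number and address range."""
    m = DUMP_NAME.match(name)
    if m is None:
        raise ValueError(f"unrecognised dump name: {name}")
    return {
        "pid": int(m["pid"]),
        "seq": int(m["seq"]),
        "start": int(m["start"], 16),
        "end": int(m["end"], 16),
    }


def check_dump_sizes(dumps):
    """Confirm each dump's listed size equals its address range (end - start).

    A mismatch means the name and the listed size disagree, so the dump
    should be re-fetched and checked rather than analysed as-is.
    """
    results = []
    for name, reported in dumps:
        info = parse_dump_name(name)
        expected = info["end"] - info["start"]
        results.append({"name": name, "pid": info["pid"], "expected": expected,
                        "reported": reported, "ok": expected == reported})
    return results


# Only -p carries a process ID on a WerFault command line; -u and -s are other
# WerFault parameters and are deliberately not parsed here.
WERFAULT_PID = re.compile(r"WerFault\.exe\b.*\s-p\s+(\d+)", re.IGNORECASE)


def werfault_crashed_pid(cmdline):
    """Return the PID named by WerFault's -p argument, or None for non-WerFault lines."""
    m = WERFAULT_PID.search(cmdline)
    return int(m.group(1)) if m else None


def crashed_processes(processes):
    """Attribute each WerFault instance to the process it was invoked for and
    record whether that process is also its parent in the tree."""
    by_pid = {p["pid"]: p for p in processes}
    found = []
    for p in processes:
        crashed = werfault_crashed_pid(p["cmdline"])
        if crashed is None:
            continue
        found.append({
            "werfault_pid": p["pid"],
            "crashed_pid": crashed,
            "matches_parent": p["parent"] == crashed,
            "crashed_cmdline": by_pid.get(crashed, {}).get("cmdline"),
        })
    return found


if __name__ == "__main__":
    for r in check_dump_sizes(DUMPS):
        print(f"{r['name']}: expected {r['expected']} bytes, listed {r['reported']}, ok={r['ok']}")
    for c in crashed_processes(PROCESSES):
        print(f"WerFault PID {c['werfault_pid']} reports a crash of PID {c['crashed_pid']} "
              f"(parent of WerFault: {c['matches_parent']})")
```

Two observations the output supports: WerFault.exe was launched from SysWOW64, which is the handler used for 32-bit (WOW64) processes on x64 Windows, so the 22 KB MSIL sample ran as a 32-bit process; and because the crash is attributed to the sample's own PID rather than to a child, the two dumps of PID 1552 are the only runtime artefacts this run produced, which fits the low 3/10 score and the empty Network and Malware Config sections.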