Analysis

  • max time kernel
    42s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    08-11-2022 12:10

General

  • Target

    palmic.exe

  • Size

    66KB

  • MD5

    ec56a21c8ee1d373f5e892cc19a14441

  • SHA1

    e2834f9bfe32bb1a6b4fbb4cff128e8dcdece15b

  • SHA256

    3129b84bf731a2348ea99a5d7e03c9b52993963a88607ad149b13b7cba499f19

  • SHA512

    b78ca39248267de920b270323134d354cabee4fc434f1ba216669d504ffdc5e2b7cd45d54e48f457cfc9afb4cc1a52d91a0523fa7899ea8f36324668c0bd5532

  • SSDEEP

    768:Yy8W6IZhbT3GpO1gyapErmN7uPS/Zp8Hk/8gV90DBVpGwDO+snK5k41PMArE7+6d:YHI72gQk+NoVLsK5k410jEY+ICyjZ

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\palmic.exe
    "C:\Users\Admin\AppData\Local\Temp\palmic.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1212
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1212 -s 1184
      2⤵
      • Program crash
      PID:1240

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1212-54-0x0000000000270000-0x0000000000286000-memory.dmp

    Filesize

    88KB

  • memory/1212-55-0x0000000000440000-0x0000000000448000-memory.dmp

    Filesize

    32KB

  • memory/1212-56-0x0000000000450000-0x0000000000456000-memory.dmp

    Filesize

    24KB

  • memory/1212-57-0x0000000075E11000-0x0000000075E13000-memory.dmp

    Filesize

    8KB