Analysis

  • max time kernel
    27s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
  • submitted
    07-02-2023 00:34

General

  • Target

    a7c006a79a6ded6b1cb39a71183123dcaaaa21ea2684a8f199f27e16fcb30e8e.exe

  • Size

    323.8MB

  • MD5

    6315802a5c2570a5dc6460eaccc678a4

  • SHA1

    3805588acfce5c1b0eeb5bd2e16a912208a77549

  • SHA256

    f7a0c0519fc45fc498b46399982886633c79ba4c72d07fc9836cb5be2fb4685d

  • SHA512

    05f379390a4ce1bab9799ae19f6d8cba862bb37eca8a6c98fae790342eb8ad626d79c63ad0c5c2e038f8368df7bc8a6fc1315b25c543651f2266bcfffe8a3cdd

  • SSDEEP

    96:WAwa5N9p+ZNLDApFY1jAdhkxgqEQGnQUzNtd:WAwa5grL+OEyxgfFn/r

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a7c006a79a6ded6b1cb39a71183123dcaaaa21ea2684a8f199f27e16fcb30e8e.exe
    "C:\Users\Admin\AppData\Local\Temp\a7c006a79a6ded6b1cb39a71183123dcaaaa21ea2684a8f199f27e16fcb30e8e.exe"
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1256
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 1192
      • Program crash
      PID:1164

Network

MITRE ATT&CK Matrix


Downloads

  • memory/1164-56-0x0000000000000000-mapping.dmp
  • memory/1256-54-0x0000000000930000-0x0000000000938000-memory.dmp
    Filesize: 32KB

  • memory/1256-55-0x0000000076531000-0x0000000076533000-memory.dmp
    Filesize: 8KB