Analysis

  • max time kernel
    87s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    07-02-2023 00:34

General

  • Target

    a7c006a79a6ded6b1cb39a71183123dcaaaa21ea2684a8f199f27e16fcb30e8e.exe

  • Size

    323.8MB

  • MD5

    6315802a5c2570a5dc6460eaccc678a4

  • SHA1

    3805588acfce5c1b0eeb5bd2e16a912208a77549

  • SHA256

    f7a0c0519fc45fc498b46399982886633c79ba4c72d07fc9836cb5be2fb4685d

  • SHA512

    05f379390a4ce1bab9799ae19f6d8cba862bb37eca8a6c98fae790342eb8ad626d79c63ad0c5c2e038f8368df7bc8a6fc1315b25c543651f2266bcfffe8a3cdd

  • SSDEEP

    96:WAwa5N9p+ZNLDApFY1jAdhkxgqEQGnQUzNtd:WAwa5grL+OEyxgfFn/r
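Before pivoting on the hashes above, recompute them locally and check that the identity fields agree with each other. The script below is an added example, not code from this report or from the sandbox vendor; the report values are transcribed from the General section, and since the size is only shown as "323.8MB" the byte count is an assumed approximation (MiB) used only for the ssdeep check. It does not compute ssdeep itself; it reasons about the block size ssdeep chose: ssdeep starts at the smallest block size 3*2^n with bs*64 >= file size (about 6 MiB for this file) and only halves it when the hash at the larger size came out shorter than 32 characters, so a final block size of 96 means that at every larger size the rolling hash found too few trigger points in the data. The script also checks whether the hex name the sample was submitted under equals one of its reported digests, which here it does not.

```python
"""Recheck the identity fields of a sandbox report before relying on them.

Added example; not code from the original report or the sandbox vendor.
Report values are transcribed from the General section. The size is shown
as "323.8MB" only, so size_bytes is an assumed approximation (MiB).
"""
import hashlib
import math
import os
import sys
from typing import Dict, Iterable, List, Optional

REPORT: Dict[str, object] = {
    "target": "a7c006a79a6ded6b1cb39a71183123dcaaaa21ea2684a8f199f27e16fcb30e8e.exe",
    "size_bytes": int(323.8 * 1024 * 1024),  # assumption: MiB, exact count not on the page
    "md5": "6315802a5c2570a5dc6460eaccc678a4",
    "sha1": "3805588acfce5c1b0eeb5bd2e16a912208a77549",
    "sha256": "f7a0c0519fc45fc498b46399982886633c79ba4c72d07fc9836cb5be2fb4685d",
    "sha512": "05f379390a4ce1bab9799ae19f6d8cba862bb37eca8a6c98fae790342eb8ad626d79c63ad0c5c2e038f8368df7bc8a6fc1315b25c543651f2266bcfffe8a3cdd",
    "ssdeep": "96:WAwa5N9p+ZNLDApFY1jAdhkxgqEQGnQUzNtd:WAwa5grL+OEyxgfFn/r",
}

DIGEST_ALGOS = ("md5", "sha1", "sha256", "sha512")
SSDEEP_MIN_BLOCKSIZE = 3   # ssdeep's smallest block size
SPAMSUM_LENGTH = 64        # maximum length of one ssdeep hash half


def digests_of_chunks(chunks: Iterable[bytes]) -> Dict[str, str]:
    """All four digests in a single pass over the data."""
    hashers = {algo: hashlib.new(algo) for algo in DIGEST_ALGOS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def file_digests(path: str) -> Dict[str, str]:
    """Stream a file through digests_of_chunks() in 1 MiB pieces."""
    with open(path, "rb") as fh:
        return digests_of_chunks(iter(lambda: fh.read(1 << 20), b""))


def ssdeep_initial_blocksize(size_bytes: int) -> int:
    """Block size ssdeep starts from: the smallest 3*2^n with bs*64 >= size."""
    bs = SSDEEP_MIN_BLOCKSIZE
    while bs * SPAMSUM_LENGTH < size_bytes:
        bs *= 2
    return bs


def parse_ssdeep(sig: str):
    """Split 'blocksize:hash1:hash2' into (int, str, str)."""
    bs, h1, h2 = sig.split(":", 2)
    return int(bs), h1, h2


def ssdeep_blocksize_report(sig: str, size_bytes: int) -> Dict[str, object]:
    """Compare the signature's block size with the one the file size implies.

    ssdeep only drops to a smaller block size when the hash at the larger one
    came out shorter than 32 characters, i.e. the rolling hash hit too few
    trigger points. Each halving below the initial size therefore hints that
    most of the file is low-entropy filler.
    """
    final_bs, h1, _ = parse_ssdeep(sig)
    initial_bs = ssdeep_initial_blocksize(size_bytes)
    n = final_bs // SSDEEP_MIN_BLOCKSIZE
    valid_form = final_bs % SSDEEP_MIN_BLOCKSIZE == 0 and n > 0 and (n & (n - 1)) == 0
    halvings = None
    if valid_form and final_bs <= initial_bs:
        halvings = int(math.log2(initial_bs // final_bs))
    return {"initial_blocksize": initial_bs, "final_blocksize": final_bs,
            "valid_form": valid_form, "halvings": halvings, "first_hash_len": len(h1)}


def name_matches_digest(target: str, report: Dict[str, object]) -> Optional[str]:
    """Which reported digest (if any) the hex stem of the submitted name equals."""
    stem = os.path.splitext(os.path.basename(target))[0].lower()
    for algo in DIGEST_ALGOS:
        if stem == str(report[algo]).lower():
            return algo
    return None


def report_only_checks(report: Dict[str, object]) -> List[str]:
    """Findings that need nothing but the report's own fields."""
    findings = []
    bs = ssdeep_blocksize_report(str(report["ssdeep"]), int(report["size_bytes"]))
    if not bs["valid_form"]:
        findings.append(f"ssdeep block size {bs['final_blocksize']} is not of the form 3*2^n")
    elif bs["halvings"]:
        findings.append(f"ssdeep block size {bs['final_blocksize']} is {bs['halvings']} halvings "
                        f"below the {bs['initial_blocksize']} a {report['size_bytes']}-byte file "
                        "starts from: most of the file yields no rolling-hash triggers")
    if name_matches_digest(str(report["target"]), report) is None:
        findings.append("submitted file name is not one of the reported digests")
    return findings


def check_sample(path: str, report: Dict[str, object]) -> List[str]:
    """Findings for a local copy of the sample; an empty list means consistent."""
    findings = []
    for algo, value in file_digests(path).items():
        if value != report[algo]:
            findings.append(f"{algo} mismatch: local {value} != report {report[algo]}")
    return findings + report_only_checks(report)


if __name__ == "__main__":
    # Usage: python check_report.py [path-to-sample]; without a path only the
    # report-internal checks run.
    out = check_sample(sys.argv[1], REPORT) if len(sys.argv) > 1 else report_only_checks(REPORT)
    for line in out:
        print(line)
```

Run without arguments it reports the two inconsistencies visible on this page: 16 halvings between the expected and reported ssdeep block size, and a submitted file name that matches none of the digests. A hash mismatch against a local copy means you are not looking at the file the sandbox ran.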

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a7c006a79a6ded6b1cb39a71183123dcaaaa21ea2684a8f199f27e16fcb30e8e.exe
    "C:\Users\Admin\AppData\Local\Temp\a7c006a79a6ded6b1cb39a71183123dcaaaa21ea2684a8f199f27e16fcb30e8e.exe"
    • Suspicious use of AdjustPrivilegeToken
    PID:3172
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 1696
      • Program crash
      PID:4272
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 3172 -ip 3172
    PID:3572
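The process tree says more than the two signatures suggest: both WerFault.exe instances carry -p 3172, so they report on the sample process, and both run from SysWOW64, which is the WerFault used for 32-bit (WOW64) processes; the -u instance is a child of the crashing process while the -pss instance is shown at the top level. A sample that dies this early produces little behaviour to score, so the 3/10 says more about the crash than about the file. The script below is an added example, not code from this report or from the sandbox; it transcribes the three processes above as (pid, parent pid, command line) tuples (parent None where the report shows the process at the top level), parses the WerFault switches, and links each reporter back to the faulting PID. The meaning of -p as the faulting process is assumed from common usage; -s and -ip are recorded without interpretation.

```python
"""Tie each WerFault.exe in a sandbox process tree to the process it reports on.

Added example; not code from the original report or the sandbox. PROCESSES is
transcribed from the Processes section; parent None = shown at top level.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

PROCESSES: List[Tuple[int, Optional[int], str]] = [
    (3172, None, '"C:\\Users\\Admin\\AppData\\Local\\Temp\\a7c006a79a6ded6b1cb39a71183123dcaaaa21ea2684a8f199f27e16fcb30e8e.exe"'),
    (4272, 3172, 'C:\\Windows\\SysWOW64\\WerFault.exe -u -p 3172 -s 1696'),
    (3572, None, 'C:\\Windows\\SysWOW64\\WerFault.exe -pss -s 416 -p 3172 -ip 3172'),
]

# WerFault switches that take a value. -p is taken to be the PID of the
# faulting process (assumption from common usage); -s and -ip are only recorded.
VALUE_SWITCHES = {"-p", "-s", "-ip"}


@dataclass
class WerFaultInvocation:
    pid: int
    parent: Optional[int]
    image: str
    switches: List[str]        # bare switches such as -u or -pss
    values: Dict[str, str]     # switches with an argument
    target_pid: Optional[int]  # value of -p, if present and numeric
    wow64: bool                # launched from SysWOW64, i.e. for a 32-bit process


def tokenize(cmdline: str) -> List[str]:
    """Split a Windows command line on whitespace, keeping quoted paths whole."""
    return [tok.strip('"') for tok in re.findall(r'"[^"]*"|\S+', cmdline)]


def parse_werfault(pid: int, parent: Optional[int], cmdline: str) -> Optional[WerFaultInvocation]:
    """Return a parsed invocation if cmdline runs WerFault.exe, else None."""
    toks = tokenize(cmdline)
    if not toks or toks[0].lower().rsplit("\\", 1)[-1] != "werfault.exe":
        return None
    switches: List[str] = []
    values: Dict[str, str] = {}
    i = 1
    while i < len(toks):
        key = toks[i].lower()
        if key in VALUE_SWITCHES and i + 1 < len(toks):
            values[key] = toks[i + 1]
            i += 2
        else:
            switches.append(key)
            i += 1
    target = int(values["-p"]) if values.get("-p", "").isdigit() else None
    return WerFaultInvocation(pid, parent, toks[0], switches, values, target,
                              "\\syswow64\\" in toks[0].lower())


def crash_reports(processes) -> Dict[int, List[WerFaultInvocation]]:
    """Map faulting PID -> WerFault instances that name it with -p."""
    by_target: Dict[int, List[WerFaultInvocation]] = {}
    for pid, parent, cmd in processes:
        inv = parse_werfault(pid, parent, cmd)
        if inv is not None and inv.target_pid is not None:
            by_target.setdefault(inv.target_pid, []).append(inv)
    return by_target


def summarize(processes) -> List[str]:
    """One line per crashed process: its image, bitness hint, and reporters."""
    images = {pid: tokenize(cmd)[0] for pid, _, cmd in processes}
    lines = []
    for target, invs in sorted(crash_reports(processes).items()):
        who = ", ".join(
            f"PID {i.pid} ({' '.join(i.switches) or 'no bare switches'}"
            f"{', child of target' if i.parent == target else ''})"
            for i in sorted(invs, key=lambda i: i.pid))
        arch = "32-bit (SysWOW64 WerFault)" if all(i.wow64 for i in invs) else "64-bit or mixed"
        lines.append(f"PID {target} {images.get(target, '<unknown>')} crashed; {arch}; reported by {who}")
    return lines


if __name__ == "__main__":
    for line in summarize(PROCESSES):
        print(line)
```

On this tree it yields a single line for PID 3172, flagged 32-bit, reported by PID 3572 (-pss) and PID 4272 (-u, child of target). Feeding it a larger tree is the quick way to find which process actually faulted when WerFault shows up several levels away from the sample.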

Network

MITRE ATT&CK Matrix

Downloads

  • memory/3172-132-0x0000000000760000-0x0000000000768000-memory.dmp
    Filesize
    32KB