897616b24bebbd22e1434c357b3c069889fa7c8d7e2ec1b679f7ee6bc2c270f4 | Triage

Analysis

max time kernel
31s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
02-05-2023 08:04

Sharing

Report Analysis Logs

General

Target

AWB25637373283GT.exe
Size

8KB
MD5

765e838105b7c2f6937d93f94336400f
SHA1

349cd40b0d346a164d68665a1a81f8233d482d81
SHA256

e1e5649b11992bddafd4ca3b16396043eb4049b58c7500237fdd307a0d414102
SHA512

57eac422db79f9efb53f95eeb928ed1ac9afa33fe4af58dcb6a6bcfbe6e920f089f477220f6e8a23bbbed36e8162ca1f9c4ed3cc6dc9e2444d4648f8297c53ce
SSDEEP

192:KjfON+D5LUELalfNXTRe5YqM0UP8mmILgmNfDTgP6F:BMLUELsfNXdPjngP6

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
268	928	WerFault.exe	27

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	928	AWB25637373283GT.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 928 wrote to memory of 268	928	AWB25637373283GT.exe	28
PID 928 wrote to memory of 268	928	AWB25637373283GT.exe	28
PID 928 wrote to memory of 268	928	AWB25637373283GT.exe	28
PID 928 wrote to memory of 268	928	AWB25637373283GT.exe	28

C:\Users\Admin\AppData\Local\Temp\AWB25637373283GT.exe
"C:\Users\Admin\AppData\Local\Temp\AWB25637373283GT.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:928
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 928 -s 1264
  2⤵
  - Program crash
  PID:268

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/928-54-0x0000000001220000-0x0000000001228000-memory.dmp

Filesize
32KB

Download
memory/928-55-0x00000000049F0000-0x0000000004A30000-memory.dmp

Filesize
256KB

Download
memory/928-56-0x00000000049F0000-0x0000000004A30000-memory.dmp

Filesize
256KB

Download