2ef764844979a5cfb3aed413b54c1239571a2d5a4502d4497017b0eba9701ea9 | Triage

Analysis

max time kernel
135s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
16/06/2023, 13:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Setup.exe
Size

7.0MB
MD5

4ff70d1de9534580d6fb4af15d58b5d2
SHA1

fe7b68701a034c8b01759fab3c0f5953baf7b747
SHA256

dd6672ed4e8fc8791755a89f823a17dc7c1c0685678b997bd85a1751767879af
SHA512

3af3cd48dceff60d3a0652d85b95473a744689d09c6fb8634e96027f5a1dc61be6cb72eb9ce6a5d719b23872fab7586f6af0b4eb23be952c1d66e0075317e8d1
SSDEEP

196608:ZC9qHNYpOprWYy91XHOQIoVm//7S3VvT3Ygjv+:ZCUHNkOprfy91XHOBH/u3hYgjv+

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4532	444	WerFault.exe	83

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	444	Setup.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:444
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 444 -s 1720
  2⤵
  - Program crash
  PID:4532

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 448 -p 444 -ip 444
1⤵
PID:3696

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/444-133-0x000001EB47F70000-0x000001EB48674000-memory.dmp

Filesize
7.0MB

Download
memory/444-134-0x000001EB489E0000-0x000001EB489EA000-memory.dmp

Filesize
40KB

Download
memory/444-135-0x000001EB62BE0000-0x000001EB62BF0000-memory.dmp

Filesize
64KB

Download
memory/444-136-0x000001EB62BE0000-0x000001EB62BF0000-memory.dmp

Filesize
64KB

Download