986e56c244da18a08b3f05d721ca73c481ecaf4d2db364717abe74afe384b304 | Triage

Analysis

max time kernel
27s
max time network
30s
platform
windows7_x64
resource
win7-20230621-en
resource tags

arch:x64arch:x86image:win7-20230621-enlocale:en-usos:windows7-x64system
submitted
29/06/2023, 02:53

Sharing

Report Analysis Logs

General

Target

FreeUseHouse.exe
Size

120KB
MD5

bace4bf2bfbcfeec40abecff0f8dfb33
SHA1

b8af303e573241628430dc86570d74611c39bc77
SHA256

986e56c244da18a08b3f05d721ca73c481ecaf4d2db364717abe74afe384b304
SHA512

a52b576d306bc96a56c59edf0db6bc29687fc74021b8c6d58a3014ce8163ba1ea48c4592976c0dac153a2a6f33ad98b3bfe2817f119a155f4534e238de356175
SSDEEP

3072:FG03Yj+8JlFCumUbyJlKP8HRvkduTK5Nrh2o9Dj0fmoQbbh:MiQ+IFCumUGekHRvEuO3go9kfnQPh

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1424	1632	WerFault.exe	26

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	1496	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1496	AUDIODG.EXE
Token: 33	1496	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1496	AUDIODG.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1632 wrote to memory of 1424	1632	FreeUseHouse.exe	27
PID 1632 wrote to memory of 1424	1632	FreeUseHouse.exe	27
PID 1632 wrote to memory of 1424	1632	FreeUseHouse.exe	27

C:\Users\Admin\AppData\Local\Temp\FreeUseHouse.exe
"C:\Users\Admin\AppData\Local\Temp\FreeUseHouse.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1632
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1632 -s 56
  2⤵
  - Program crash
  PID:1424

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1132

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x410
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1496

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1632-54-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download