758725808418413e65a4c5719c7c2a54ae9a8b720728ed3c33f28ac1b89ba1b0 | Triage

Analysis

max time kernel
26s
max time network
32s
platform
windows7_x64
resource
win7-20230703-ja
resource tags

arch:x64arch:x86image:win7-20230703-jalocale:ja-jpos:windows7-x64systemwindows
submitted
04/07/2023, 17:53

Sharing

Report Analysis Logs

General

Target

_.exe
Size

87KB
MD5

a05a917f67edcba06cac9040f450a64b
SHA1

0770b6d19d75d8bd201e720d2fa04d54ac3a3c9c
SHA256

8a83d1b544aa4f22e53fdfc576561753b503558b4e0d529e160e56bc89326e9c
SHA512

a048b16d940e029235fd83ffa1c4ccd8d9b07c066a1bae7f4caddc177ac690a8f73550e9468100a8b6ac168b3651e30355dd0861d925bd03f0f65c1552c970da
SSDEEP

1536:vugkfdWgyjWHSGkJSm6h8N9d6tj89yYifnNs5IO4ixa:MWpWmJShh8N75PONsmO4j

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1768	2412	WerFault.exe	28

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2412	_.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2412 wrote to memory of 1768	2412	_.exe	29
PID 2412 wrote to memory of 1768	2412	_.exe	29
PID 2412 wrote to memory of 1768	2412	_.exe	29

C:\Users\Admin\AppData\Local\Temp\_.exe
"C:\Users\Admin\AppData\Local\Temp\_.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2412
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2412 -s 664
  2⤵
  - Program crash
  PID:1768

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2412-54-0x0000000000F00000-0x0000000000F18000-memory.dmp

Filesize
96KB

Download
memory/2412-55-0x000000001A960000-0x000000001A9E0000-memory.dmp

Filesize
512KB

Download
memory/2412-56-0x000000001A960000-0x000000001A9E0000-memory.dmp

Filesize
512KB

Download