Analysis
-
max time kernel
26s -
max time network
32s -
platform
windows7_x64 -
resource
win7-20230703-ja -
resource tags
arch:x64arch:x86image:win7-20230703-jalocale:ja-jpos:windows7-x64systemwindows -
submitted
04/07/2023, 17:53
Static task
static1
Behavioral task
behavioral1
Sample
[VN][Studio-Miris][--Tb9oBdvAqZ.exe
Resource
win7-20230703-ja
Behavioral task
behavioral2
Sample
[VN][Studio-Miris][--Tb9oBdvAqZ.exe
Resource
win10v2004-20230703-ja
Behavioral task
behavioral3
Sample
_.exe
Resource
win7-20230703-ja
Behavioral task
behavioral4
Sample
_.exe
Resource
win10v2004-20230703-ja
General
-
Target
_.exe
-
Size
87KB
-
MD5
a05a917f67edcba06cac9040f450a64b
-
SHA1
0770b6d19d75d8bd201e720d2fa04d54ac3a3c9c
-
SHA256
8a83d1b544aa4f22e53fdfc576561753b503558b4e0d529e160e56bc89326e9c
-
SHA512
a048b16d940e029235fd83ffa1c4ccd8d9b07c066a1bae7f4caddc177ac690a8f73550e9468100a8b6ac168b3651e30355dd0861d925bd03f0f65c1552c970da
-
SSDEEP
1536:vugkfdWgyjWHSGkJSm6h8N9d6tj89yYifnNs5IO4ixa:MWpWmJShh8N75PONsmO4j
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target 1768 2412 WerFault.exe 28 -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 2412 _.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 2412 wrote to memory of 1768 2412 _.exe 29 PID 2412 wrote to memory of 1768 2412 _.exe 29 PID 2412 wrote to memory of 1768 2412 _.exe 29