70c0ef97db97e10004d5b57cb0a26f02aad81cf0bbef8e06f8557acabca625ea

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
05/10/2023, 17:30

Target

SecuriteInfo.com.Win32.RansomX-gen.12267.exe
Size

167KB
MD5

9fad3cd00c8dee4bb877f0f1fbb8dc84
SHA1

3f35f0e293d43d23223d2bce976fb37df71cf83c
SHA256

70c0ef97db97e10004d5b57cb0a26f02aad81cf0bbef8e06f8557acabca625ea
SHA512

4b6eaa9d381be4f5b4ce21935b9e1256e6c166e42c80eb57b49632820b19a4bd1e6b28bd28eb7498ca186f26549694be36761764f7897a7f8a231344bf732ec2
SSDEEP

3072:v+8t+lqKrGGyzJAaMo+E4uRW+2qJavzvT3JHK:v+8wiGSPt4Dzrd

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
420	820	WerFault.exe	51

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	2436	svchost.exe

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.RansomX-gen.12267.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.RansomX-gen.12267.exe"
1⤵
PID:820
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 820 -s 576
  2⤵
  - Program crash
  PID:420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 820 -ip 820
1⤵
PID:884

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:2424

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2436

memory/820-0-0x00000000011C0000-0x00000000011C2000-memory.dmp

Filesize
8KB

Download
memory/2436-1-0x000002420DA40000-0x000002420DA50000-memory.dmp

Filesize
64KB

Download
memory/2436-17-0x000002420DB40000-0x000002420DB50000-memory.dmp

Filesize
64KB

Download
memory/2436-33-0x0000024215EB0000-0x0000024215EB1000-memory.dmp

Filesize
4KB

Download
memory/2436-35-0x0000024215EE0000-0x0000024215EE1000-memory.dmp

Filesize
4KB

Download
memory/2436-36-0x0000024215EE0000-0x0000024215EE1000-memory.dmp

Filesize
4KB

Download
memory/2436-37-0x0000024215FF0000-0x0000024215FF1000-memory.dmp

Filesize
4KB

Download