Analysis
max time kernel: 144s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20230915-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
submitted: 11/10/2023, 22:30
Static task: static1
Behavioral task: behavioral1
  Sample: a82af7127b9a6eb4a85f49a8a86ff09e155dfec3fa0d5387726c1c993a4cd947_JC.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: a82af7127b9a6eb4a85f49a8a86ff09e155dfec3fa0d5387726c1c993a4cd947_JC.exe
  Resource: win10v2004-20230915-en
General
Target: a82af7127b9a6eb4a85f49a8a86ff09e155dfec3fa0d5387726c1c993a4cd947_JC.exe
Size: 1.5MB
MD5: 2fa9acd0775d8e6e767d74227759d812
SHA1: aabc0c9de290834f1b021ebd757d7588e082cc59
SHA256: a82af7127b9a6eb4a85f49a8a86ff09e155dfec3fa0d5387726c1c993a4cd947
SHA512: 0eaa8d70942288d53638e9ba0a0dcb42baa3bb5daa2a57983b243f371788d89a67cdcc8d86672ff217975089b1ae69ae4a98eaf312ccc424d084388ca0dfe896
SSDEEP: 24576:eu7d3LpCztAG48YQcHaakCf0wVrFhQd5kcqAI:bLr8nurFhQdC
Malware Config
Signatures
Program crash (2 IoCs)
  pid   pid_target  Process       procid_target
  912   3348        WerFault.exe  84
  1648  3348        WerFault.exe  84
Suspicious behavior: EnumeratesProcesses (1 IoC)
  pid   Process
  3348  a82af7127b9a6eb4a85f49a8a86ff09e155dfec3fa0d5387726c1c993a4cd947_JC.exe
Suspicious use of AdjustPrivilegeToken (1 IoC)
  description              pid   Process
  Token: SeDebugPrivilege  3348  a82af7127b9a6eb4a85f49a8a86ff09e155dfec3fa0d5387726c1c993a4cd947_JC.exe
Processes
C:\Users\Admin\AppData\Local\Temp\a82af7127b9a6eb4a85f49a8a86ff09e155dfec3fa0d5387726c1c993a4cd947_JC.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\a82af7127b9a6eb4a85f49a8a86ff09e155dfec3fa0d5387726c1c993a4cd947_JC.exe"
  PID: 3348
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
    C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 1968
      PID: 912
      - Program crash
    C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 1032
      PID: 1648
      - Program crash
C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 3348 -ip 3348
  PID: 3668
C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 3348 -ip 3348
  PID: 2452