6e6b14f06c3167641c0dfd6be4aab2716cb8489647241eba89bfd25b3be306f9

Analysis

max time kernel
148s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2023, 05:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6e6b14f06c3167641c0dfd6be4aab2716cb8489647241eba89bfd25b3be306f9.exe
Size

7.4MB
MD5

2f6e69894dca46774c9f6a4a49ac3e8f
SHA1

3f96c2c3fe0775982518242e5f4cd1ec55eb18f1
SHA256

6e6b14f06c3167641c0dfd6be4aab2716cb8489647241eba89bfd25b3be306f9
SHA512

dd7c1bc2d082df17a2f490c074a152961084b154e1713a8fd8589a18c6669d6b70abc3d92e12480fef00815823104cfef36b709873fc55d61b4191a2870e0300
SSDEEP

196608:T1z/Z5PZ6NS3XophlBVDHqwbhVaBV13rtWjev2JVzA:OhT9HqEDrD

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4472	3500	WerFault.exe	87

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeSystemtimePrivilege	3500	6e6b14f06c3167641c0dfd6be4aab2716cb8489647241eba89bfd25b3be306f9.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3500	6e6b14f06c3167641c0dfd6be4aab2716cb8489647241eba89bfd25b3be306f9.exe
3500	6e6b14f06c3167641c0dfd6be4aab2716cb8489647241eba89bfd25b3be306f9.exe

C:\Users\Admin\AppData\Local\Temp\6e6b14f06c3167641c0dfd6be4aab2716cb8489647241eba89bfd25b3be306f9.exe
"C:\Users\Admin\AppData\Local\Temp\6e6b14f06c3167641c0dfd6be4aab2716cb8489647241eba89bfd25b3be306f9.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3500
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 1468
  2⤵
  - Program crash
  PID:4472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 3500 -ip 3500
1⤵
PID:3896

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ.ini

Filesize
621B

MD5
8d8e017a1898e3d1647c6cb9298365f0

SHA1
dcd6f73e4c5ffac46fd7e3e87f91af8072eb8cb0

SHA256
067c13175d481e5cb64afb06fd4d2b46316a2b3698821299c31d6c868c8d22ca

SHA512
8d27abd1dde17d8810f655a23827302444e687f1d25b001f9f6e4ca08a60ec2609ae6ccf11453aeff99c30c0f9b088274393fc70ff6576d162bc7ba4e8c0778b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ.ini

Filesize
3KB

MD5
4d0615308d1a26e71bb319a749f6327d

SHA1
a8a01a3a1e1c6f7f4a4e050ceff3c6192699b85b

SHA256
ba9134bf1ea752e7f77e739e14c2af31920d110349c67d7edcf546fa0eafab96

SHA512
61ea0f3ad4f498883354f21ca8ad641a91f028c4225b7d4aa7a3daf276f1ec4efb469cc650cccc96a6d7914d8f65447c8a1aba09776884b3f292e3f63cf36eda

Download Submit
C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ.ini

Filesize
3KB

MD5
b8e12d58f4a1104662f6d086bd5e4af2

SHA1
0fd54d3f4f05072eebf54b42d2c86686c1f7ec69

SHA256
b79765e51e2ad0ebedbc2914aeff3c63a93c8d41b943c2347448cbe5b41b5b39

SHA512
865efca8adea67ba8613781825482a2b0cd5a3e399d14698122934f982cdb27fcf9b7e7e9a4b7583dd1480ce6e70c9be2554c2afe822af3daf52b5f2886c6c16

Download Submit
C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ.ini

Filesize
3KB

MD5
9dab5f69644761aff3e67ce2d49c2c1f

SHA1
d32f44841fd8e40af84336d7e919c699d440d5c9

SHA256
813fce88a7359cced44f3e7696db09426ba7482b9ca5203aa728793793796c1c

SHA512
0d45fcf81543b9d2293e064c66553e6d4b44d586d9ae5df04f4c7568b1ece22f4d69daf8af4e0e92b097520db524de2ac63678ab9da67f8a12aee916423376f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ.ini

Filesize
3KB

MD5
3a9999437d4ba688142cb525bc172b1c

SHA1
dae073ceab6bcd1d3b7f36cefc606814f17f7197

SHA256
03d9c6e4ee6e65368433f77728f416e55f0fc8ba54e731b37673b5bdad794860

SHA512
940f8f271787ac1e1ae4b75c976a8e5e3bde3bc8f97da86f3c14bdd04011dba7b4ff920372a944ba6af449232e181f7bbabc8d41f903fff0210b8b0ec00b02b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ.ini

Filesize
3KB

MD5
3e4aed988bcbcc027b12806c56267310

SHA1
38b48e14c78931fcc289458e8ecba6c86cbdd83a

SHA256
b18f5fa6788854396eb5c77fc539a0636e857ca1899058c09c060b3e3cf738b3

SHA512
63e60cfe1a95f40291f07910860f2aa093f84fae9202bf26a8d9d2b5e80f9ff4163821b718e004b0af1544b2783a1048b0c7434ce45f32f59c51c655d74b2be7

Download Submit
C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ.ini

Filesize
3KB

MD5
4849153b5ad54a142329a80e626382ac

SHA1
0937464dedec30a295daf4fc625d7d399f256259

SHA256
6b4faf51abadba3e69429577402d4d171990aa99f8511d19e1b27763989c246f

SHA512
2cd2a068a254d389aaf33139f4ce15b312aacf52e17e5b02dcc51192e0dee54163a4f1da93fcfc56de1a4b5215545d296a1a24cea60d07e71cfd2964d23a189a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ.ini

Filesize
3KB

MD5
4849153b5ad54a142329a80e626382ac

SHA1
0937464dedec30a295daf4fc625d7d399f256259

SHA256
6b4faf51abadba3e69429577402d4d171990aa99f8511d19e1b27763989c246f

SHA512
2cd2a068a254d389aaf33139f4ce15b312aacf52e17e5b02dcc51192e0dee54163a4f1da93fcfc56de1a4b5215545d296a1a24cea60d07e71cfd2964d23a189a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ÅäÖÃ.ini

Filesize
1KB

MD5
1e443e2aeff2e9e6703411246434e6a6

SHA1
cf880494dad06eb1aa14c65b8b51e656e868d7e2

SHA256
caa63ca9d8afed1f4a0ec079d5a8084892861098fc486a37b0af26f143b9292f

SHA512
0e57af0db57d0ca4309d7ccae35421c7326dca703226b1cc8a45cbb08e479a48fffb6e0cb81322c98be20b335ac6e7747047e107da207f66cf25aca26b53d863

Download Submit
memory/3500-3-0x0000000000400000-0x0000000000B9E000-memory.dmp

Filesize
7.6MB

Download
memory/3500-381-0x0000000004F80000-0x0000000004F81000-memory.dmp

Filesize
4KB

Download
memory/3500-10-0x0000000000400000-0x0000000000B9E000-memory.dmp

Filesize
7.6MB

Download
memory/3500-6-0x0000000000400000-0x0000000000B9E000-memory.dmp

Filesize
7.6MB

Download
memory/3500-5-0x0000000000400000-0x0000000000B9E000-memory.dmp

Filesize
7.6MB

Download
memory/3500-4-0x0000000000400000-0x0000000000B9E000-memory.dmp

Filesize
7.6MB

Download
memory/3500-371-0x0000000000400000-0x0000000000B9E000-memory.dmp

Filesize
7.6MB

Download
memory/3500-11-0x0000000000400000-0x0000000000B9E000-memory.dmp

Filesize
7.6MB

Download
memory/3500-0-0x0000000000400000-0x0000000000B9E000-memory.dmp

Filesize
7.6MB

Download
memory/3500-1-0x0000000000400000-0x0000000000B9E000-memory.dmp

Filesize
7.6MB

Download
memory/3500-379-0x0000000000400000-0x0000000000B9E000-memory.dmp

Filesize
7.6MB

Download
memory/3500-380-0x0000000000400000-0x0000000000B9E000-memory.dmp

Filesize
7.6MB

Download
memory/3500-2-0x0000000000400000-0x0000000000B9E000-memory.dmp

Filesize
7.6MB

Download
memory/3500-383-0x0000000000400000-0x0000000000B9E000-memory.dmp

Filesize
7.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads