Analysis
-
max time kernel
118s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20231020-en -
resource tags
arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system -
submitted
30/10/2023, 19:27 UTC
Static task
static1
Behavioral task
behavioral1
Sample
Statement20233010.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
Statement20233010.exe
Resource
win10v2004-20231020-en
General
-
Target
Statement20233010.exe
-
Size
19KB
-
MD5
04bfbe662c6fe75d48c45571e1cdb17f
-
SHA1
6fcf8dcd30720bd5ceb7ce3f7d1dcea225b989db
-
SHA256
a5bea05a2f6c78eef246760dc715dd3fe10b0615ac161efbeb8a2cf6c9836499
-
SHA512
1523cf548f549148b1c12fdfce9469c83eb97e18f45b5f5469050052451535e2336329b8b4886f17b0944d38de0d92ee605f5995badf07796f981b81a65df8c0
-
SSDEEP
384:O/6i+tTBROM5DWvizocBuLXMEgsYCPGMpizIlkyVT6AstGyFFLuUW:OS9O2NMpizvt1XLu9
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target 2640 2160 WerFault.exe 18 -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 2160 Statement20233010.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2160 wrote to memory of 2640 2160 Statement20233010.exe 28 PID 2160 wrote to memory of 2640 2160 Statement20233010.exe 28 PID 2160 wrote to memory of 2640 2160 Statement20233010.exe 28 PID 2160 wrote to memory of 2640 2160 Statement20233010.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\Statement20233010.exe"C:\Users\Admin\AppData\Local\Temp\Statement20233010.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2160 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 16402⤵
- Program crash
PID:2640
-
Network
-
Remote address:8.8.8.8:53Requestonedrive.live.comIN AResponseonedrive.live.comIN CNAMEweb.fe.1drv.comweb.fe.1drv.comIN CNAMEodc-web-geo.onedrive.akadns.netodc-web-geo.onedrive.akadns.netIN CNAMEodc-web-brs.onedrive.akadns.netodc-web-brs.onedrive.akadns.netIN CNAMEodwebpl.trafficmanager.net.l-0004.dc-msedge.net.l-0004.l-msedge.netodwebpl.trafficmanager.net.l-0004.dc-msedge.net.l-0004.l-msedge.netIN CNAMEl-0004.l-msedge.netl-0004.l-msedge.netIN A13.107.42.13
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
61KB
MD5f3441b8572aae8801c04f3060b550443
SHA14ef0a35436125d6821831ef36c28ffaf196cda15
SHA2566720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA5125ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9
-
Filesize
163KB
MD59441737383d21192400eca82fda910ec
SHA1725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA5127608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf