Analysis
max time kernel: 118s
max time network: 122s
platform: windows7_x64
resource: win7-20231025-en
resource tags: arch:x64, arch:x86, image:win7-20231025-en, locale:en-us, os:windows7-x64, system
submitted: 31-10-2023 07:35

Static task: static1
1 signatures

Behavioral task: behavioral1
Sample: Ttwsg.exe
Resource: win7-20231025-en (windows7-x64)
2 signatures
150 seconds

Behavioral task: behavioral2
Sample: Ttwsg.exe
Resource: win10v2004-20231020-en (windows10-2004-x64)
11 signatures
150 seconds

General
Target: Ttwsg.exe
Size: 64KB
MD5: 92877b963c90599d222a3c851dbbdaa1
SHA1: c2c4de2c7c5681f3be5c2ddca7f5ff7330d76dfd
SHA256: 80b55aa26af1c8cb84556ced208b0338313aa010bbb544cbb6a87f023b77899b
SHA512: bd6b41b405cc333ceccd24fe68154216d1a8104639e5a1fe488f9436e2cd8a1e4900d81ef81364f0f8484d783608aef0632afee7d05677889f335d8dafcb0c2d
SSDEEP: 1536:lBWET/xqKbqqMaWFwRfi0BVIHrtokNgRxv4v:l7/vGii2VILtPaRxk
Score: 1/10

Malware Config
Signatures

Suspicious use of AdjustPrivilegeToken
1 IoCs
Processes: Ttwsg.exe
description | pid | process
Token: SeDebugPrivilege | 3024 | Ttwsg.exe

Suspicious use of WriteProcessMemory
3 IoCs
Processes: Ttwsg.exe
description | pid | process | target process
PID 3024 wrote to memory of 2092 | 3024 | Ttwsg.exe | WerFault.exe
PID 3024 wrote to memory of 2092 | 3024 | Ttwsg.exe | WerFault.exe
PID 3024 wrote to memory of 2092 | 3024 | Ttwsg.exe | WerFault.exe