Analysis
max time kernel: 118s
max time network: 121s
platform: windows7_x64
resource: win7-20231023-en
resource tags: arch:x64, arch:x86, image:win7-20231023-en, locale:en-us, os:windows7-x64, system
submitted: 01-11-2023 06:50
Static task: static1
Signatures: 1
Behavioral task: behavioral1
Sample: DEKONT S_659332597pdf.exe
Resource: win7-20231023-en (windows7-x64)
Signatures: 2
Duration: 150 seconds
Behavioral task: behavioral2
Sample: DEKONT S_659332597pdf.exe
Resource: win10v2004-20231023-en (windows10-2004-x64)
Signatures: 13
Duration: 150 seconds
General
Target: DEKONT S_659332597pdf.exe
Size: 84KB
MD5: 7704ab6ad00b8b76f7669f49cbb4c61c
SHA1: 68ddf50320e14400d15786db01c63e2d9f7c57fc
SHA256: d00df0899a734a3446d165fdf7f18e43e40b85b3296eb0b00e1d1fa2bd8f9bc9
SHA512: 95c9358b9624511a1997031e2b983123518513489e6d0e03eaedddaa5185a299902971d87913fe04144bcb320303fb8b7fa090285135bf91046602c6ed549302
SSDEEP: 1536:NTS1f1IEYJ3EoNQoB1qmy5eEw8IufaDRVOP/pa7zgr:NTGNIvJQoBueJuIR8PhaYr
Score: 1/10
Malware Config
Signatures
Suspicious use of AdjustPrivilegeToken (1 IoCs)
Processes: DEKONT S_659332597pdf.exe
description | pid | process
Token: SeDebugPrivilege | 1632 | DEKONT S_659332597pdf.exe
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: DEKONT S_659332597pdf.exe
description | pid | process | target process
PID 1632 wrote to memory of 2648 | 1632 | DEKONT S_659332597pdf.exe | WerFault.exe
PID 1632 wrote to memory of 2648 | 1632 | DEKONT S_659332597pdf.exe | WerFault.exe
PID 1632 wrote to memory of 2648 | 1632 | DEKONT S_659332597pdf.exe | WerFault.exe
Processes
C:\Users\Admin\AppData\Local\Temp\DEKONT S_659332597pdf.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\DEKONT S_659332597pdf.exe"
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID: 1632
  C:\Windows\system32\WerFault.exe
    Command line: C:\Windows\system32\WerFault.exe -u -p 1632 -s 1168
    PID: 2648