Analysis
max time kernel: 118s
max time network: 118s
platform: windows7_x64
resource: win7-20231201-en
resource tags: arch:x64, arch:x86, image:win7-20231201-en, locale:en-us, os:windows7-x64, system
submitted: 13-12-2023 01:40
Static task: static1

Behavioral task: behavioral1
  Sample: 21c2a89d7532be43315dd9fcd99c2df41a756deab3197df2adcc6e82f46c074f.exe
  Resource: win7-20231201-en

Behavioral task: behavioral2
  Sample: 21c2a89d7532be43315dd9fcd99c2df41a756deab3197df2adcc6e82f46c074f.exe
  Resource: win10v2004-20231127-en
General
Target: 21c2a89d7532be43315dd9fcd99c2df41a756deab3197df2adcc6e82f46c074f.exe
Size: 51KB
MD5: 7620ca719f502b7ca1d57d3c8a6992c7
SHA1: 0548b3aa9ac9fc1781797e6717fa2b8d64309b0e
SHA256: 21c2a89d7532be43315dd9fcd99c2df41a756deab3197df2adcc6e82f46c074f
SHA512: e855fa6c133191d0fc9e12fe146160e4d600fb9adb5ae498b70077695a46432856fe5ded034058957c711c507ace1ae07245075b86b006692073e42824e867f5
SSDEEP: 768:88vmj2dB9pR016DBvV1I/Ptw9wyjeBw2MuDGEPAMxkE9s:88zB9pC16V91I9ryjeuj2xps
Malware Config
Signatures

Program crash (1 IoC)
Processes:
  pid   pid_target  process       target process
  2176  2088        WerFault.exe  21c2a89d7532be43315dd9fcd99c2df41a756deab3197df2adcc6e82f46c074f.exe

Suspicious use of AdjustPrivilegeToken (1 IoC)
Processes:
  description              pid   process
  Token: SeDebugPrivilege  2088  21c2a89d7532be43315dd9fcd99c2df41a756deab3197df2adcc6e82f46c074f.exe

Suspicious use of WriteProcessMemory (4 IoCs)
Processes:
  description                       pid   process                                                                 target process
  PID 2088 wrote to memory of 2176  2088  21c2a89d7532be43315dd9fcd99c2df41a756deab3197df2adcc6e82f46c074f.exe  WerFault.exe
  PID 2088 wrote to memory of 2176  2088  21c2a89d7532be43315dd9fcd99c2df41a756deab3197df2adcc6e82f46c074f.exe  WerFault.exe
  PID 2088 wrote to memory of 2176  2088  21c2a89d7532be43315dd9fcd99c2df41a756deab3197df2adcc6e82f46c074f.exe  WerFault.exe
  PID 2088 wrote to memory of 2176  2088  21c2a89d7532be43315dd9fcd99c2df41a756deab3197df2adcc6e82f46c074f.exe  WerFault.exe
Processes

C:\Users\Admin\AppData\Local\Temp\21c2a89d7532be43315dd9fcd99c2df41a756deab3197df2adcc6e82f46c074f.exe (depth 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\21c2a89d7532be43315dd9fcd99c2df41a756deab3197df2adcc6e82f46c074f.exe"
  PID: 2088
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory

  C:\Windows\SysWOW64\WerFault.exe (depth 2, child of PID 2088)
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 940
    PID: 2176
    - Program crash