Overview

overview

7

Static

static

3

107954e1ff...b3.exe

windows7-x64

7

107954e1ff...b3.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    146s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-12-2023 20:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    107954e1ff835f9a31268b164fad01b3.exe

  • Size

    756KB

  • MD5

    107954e1ff835f9a31268b164fad01b3

  • SHA1

    e9bd85e89cc1f1e6ee4b887612b9c7efdb573b4a

  • SHA256

    71fe42bea55c3703ce4e30aa0b17568fdf959061b060a164b095296cf1666ec1

  • SHA512

    2cd54c34814b5af4cc017c707334f75a189dc6f54704f24dfade8d3908c654acbcb55f04fc4ef409bd34f15e1031f731f2369a7a1fe7b1dc6423434fe432b4b8

  • SSDEEP

    12288:sQlkgu2kPOI2xj/u2JT5x2Ha8WmQE1qFodzBQJuesvAX97BYIw:8WkPOI2x//zYHa8WmQEQyoErINBYI

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\107954e1ff835f9a31268b164fad01b3.exe
    "C:\Users\Admin\AppData\Local\Temp\107954e1ff835f9a31268b164fad01b3.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2724
    • C:\Users\Admin\AppData\Roaming\svchost.exe
      C:\Users\Admin\AppData\Roaming\svchost.exe
      2⤵
      • Executes dropped EXE
      PID:3344
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 760
        3⤵
        • Program crash
        PID:3440
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 204 -p 3344 -ip 3344
    1⤵
      PID:2440

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\svchost.exe
      Filesize

      92KB

      MD5

      1fa78686c370bb7a2625a9c285ea0e2f

      SHA1

      74ac9e772d6933672b87c7e84da0b79e6397335c

      SHA256

      94d387aea02283a804b3d4b844f06bc6af75b79a5af8bdf2ff2e0002595ff313

      SHA512

      f00bf93c2a3b9a306fe53513dfc296e2cb64052888d8209d5e14701259fdce4927e6c73fe54e86b2a709420adb3f428d5320ca770b95dadb194de49fc808eb99

      Download Submit

    • memory/2724-0-0x00000000023F0000-0x00000000023F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2724-5-0x0000000000400000-0x00000000004C9000-memory.dmp

      Filesize

      804KB

      Download

    • memory/3344-6-0x00000000025A0000-0x00000000025A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3344-7-0x0000000000400000-0x00000000004C9000-memory.dmp

      Filesize

      804KB

      Download

    • memory/3344-8-0x0000000000400000-0x00000000004C9000-memory.dmp

      Filesize

      804KB

      Download